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PREFACE TO THE FIRST EDITION 


Several years ago, while reading Weil’s Number Theory: An Approach Through His- 
tory, I noticed a conjecture of Euler concerning primes of the form x” + 14y?. That 
same week I picked up Cohn’s A Classical Invitation to Algebraic Numbers and 
Class Fields and saw the same example treated from the point of view of the Hilbert 
class field. The coincidence made it clear that something interesting was going on, 
and this book is my attempt to tell the story of this wonderful part of mathematics. 

Iam an algebraic geometer by training, and number theory has always been more 
of an avocation than a profession for me. This will help explain some of the curi- 
ous omissions in the book. There may also be errors of history or attribution (for 
which I take full responsibility), and doubtless some of the proofs can be improved. 
Corrections and comments are welcome! 

I would like to thank my colleagues in the number theory seminars of Oklahoma 
State University and the Five Colleges (Amherst College, Hampshire College, Mount 
Holyoke College, Smith College and the University of Massachusetts) for the op- 
portunity to present material from this book in preliminary form. Special thanks 
go to Dan Flath and Peter Norman for their comments on earlier versions of the 
manuscript. I also thank the reference librarians at Amherst College and Oklahoma 
Slate University for their help in obtaining books through interlibrary loan. 


DAVID A. Cox 
Amherst, Massachsusetts 
August 1989 


PREFACE TO THE SECOND EDITION 


The philosophy of the second edition is to preserve as much of the original text as 
possible. The major changes are: 


e A new §15 on Shimura reciprocity has been added, based on work of Peter 
Stevenhagen and Alice Gee [A10, Al11, A23] and Bumkyo Cho [A6]}. 


e The fifteen sections are now organized into four chapters: 
- The original §§ 1-13, which present a complete solution of p = x? + ny’, 
now constitute Chapters One, Two and Three. 
—- The new Chapter Four consists of the original §14 (on elliptic curves) 


and the new §15 (on Shimura reciprocity). 


e An “Additional References” section has been added to supplement the original 
references [1]—[112]. This section is divided into five parts: 


— The first part consists of references [A1]—[A24] that are cited in the text. 
These references (by no means complete) provide updates to the book. 


— The remaining four parts give some references (also not complete) for 
further reading that are relevant to the topics covered in Chapters One, 
Two, Three and Four. 


e The expanded Notation section now includes all notation used in the book. 
Specialized notation is listed according to the page where it first appears. 


xi 


xii PREFACE TO THE SECOND EDITION 


The other changes to the text are very minor, mostly to enhance clarity, improve 
formatting, and simplify some of the proofs. One exception is the addition of new 
exercises: at the end of §12, Exercise 12.31 shows how Ramanujan could have de- 
rived Weber’s formula for f, (\/— 14)? (thanks to Heng Huat Chan), and at the end of 
§14, Exercise 14.24 gives an elliptic curve primality test for Mersenne numbers due 
to Dick Gross [A12] (thanks to Alice Silverberg). 

The web site for the book includes typographical errors and a link to supplemen- 
tary exercises for §§1~3 written by Jeffrey Stopple. The URL of the web site is 


http: //www.cs.amherst.edu/~dac/primes.html 


I would like to thank the following people for the errors they found in the first 
edition and for the suggestions they made: Michael Baake, Dominique Bernardi, Jeff 
Beyerl, Reinier Broker, Tony Feng, Nicholas Gavrielides, Lee Goswik, Christian 
Guenther, Shiv Gupta, Kazuo Hata, Yves Hellegouarach, Norm Hurt, Tim Hutchin- 
son, Trevor Hyde, Maurice Kostas, Susumu Kuninaga, Franz Lemmermeyer, Joseph 
Lipman, Mario Magioladitis, David May, Stephen Mildenhall, Takashi Ono, Frans 
Oort, Alf van der Poorten, Jerry Shurman, Alice Silverberg, Neil Sloane, Steve 
Swanson, Cihangir Tezcan, Satoshi Tomabechi, Fan Xingyuan and Noriko Yui. 

Please let me know if you find any errors in the new edition! 

My hope is that the second edition of Primes of the Form x? +-ny* will help bring 
this wonderful part of number theory to a new audience of students and researchers. 


DAVID A. Cox 
Amherst, Massachsusetts 
November 2012 
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PRIMES OF THE 
FORM x? + ny? 


INTRODUCTION 


Most first courses in number theory or abstract algebra prove a theorem of Fermat 
which states that for an odd prime p, 


p=H=xrt+y,xyeZ => p=1mod4. 


This is only the first of many related results that appear in Fermat’s works. For 
example, Fermat also states that if p is an odd prime, then 

p=x4+2y,xyeZ <— p=1,3 mod8 

p=x4+3y,xyeZ <> p=3o0rp=1 mod3. 
These facts are lovely in their own right, but they also make one curious to know 


what happens for primes of the form x? + 5y*, x* + 6y’, etc. This leads to the basic 
question of the whole book, which we formulate as follows: 


Basic Question 0.1. Given a positive integer n, which primes p can be expressed in 
the form 
p= r+ ny’ 


where x and y are integers? 


We will answer this question completely, and along the way we will encounter some 
remarkably rich areas of number theory. The first steps will be easy, involving only 
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2 INTRODUCTION 


quadratic reciprocity and the elementary theory of quadratic forms in two variables 
over Z. These methods work nicely in the special cases considered above by Fermat. 
Using genus theory and cubic and biquadratic reciprocity, we can treat some more 
cases, but elementary methods fail to solve the problem in general. To proceed fur- 
ther, we need class field theory. This provides an abstract solution to the problem, 
but doesn’t give explicit criteria for a particular choice of n in x* + ny”. The final step 
uses modular functions and complex multiplication to show that for a given n, there 
is an algorithm for answering our question of when p = x? + ny’. 

This book has several goals. The first, to answer the basic question, has already 
been stated. A second goal is to bridge the gap between elementary number theory 
and class field theory. Although our basic question is simple enough to be stated 
in any beginning course in number theory, we will see that its solution is intimately 
bound up with higher reciprocity laws and class field theory. A related goal is to pro- 
vide a well-motivated introduction to the classical formulation of class field theory. 
This will be done by carefully stating the basic theorems and illustrating their power 
in various concrete situations. 

Let us summarize the contents of the book in more detail. We begin in Chapter 
One with the more elementary approaches to the problem, using the works of Fermat, 
Euler, Lagrange, Legendre and Gauss as a guide. In §1, we will give Euler’s proofs 
of the above theorems of Fermat for primes of the form x? + y?, x? +2y? and x? + 
3y*, and we will see what led Euler to discover quadratic reciprocity. We will also 
discuss the conjectures Euler made concerning p = x? + ny? for n > 3. Some of these 
conjectures, such as 


(0.2) p=x+5y <> p=1,9 mod 20, 
are similar to Fermat’s theorems, while others, like 


: . p= 1 mod 3 and 2isa 
p=Hx+271y — . : 
cubic residue modulo p, 
are quite unexpected. For later purposes, note that this conjecture can be written in 
the following form: 


5 5 p =1 mod 3 andx*° =2 mod p 
(0.3) p=x+27Ty —> : : 
has an integer solution. 


In §2, we will study Lagrange’s theory of positive definite quadratic forms. After 
introducing the basic concepts of reduced form and class number, we will develop 
an elementary form of genus theory which will enable us to prove (0.2) and similar 
theorems. Unfortunately, for cases like (0.3), genus theory can only prove the partial 
result that 


x 4 27y" 
(0.4) p= or <=> p=1mod3. 
Ax? + 2xy + Ty? 


INTRODUCTION 3 


The problem is that x? + 27y? and 4x? + 2xy+7y? lie in the same genus and hence 
can’t be separated by simple congruences. We will also discuss Legendre’s tentative 
attempts at a theory of composition. 

While the ideas of genus theory and composition were already present in the 
works of Lagrange and Legendre, the real depth of these theories wasn’t revealed 
until Gauss came along. In §3 we will present some basic results in Gauss’ Dis- 
quisitiones Arithmeticae, and in particular we will study the remarkable relationship 
between genus theory and composition. But for our purposes, the real breakthrough 
came when Gauss used cubic reciprocity to prove Euler’s conjecture (0.3) concern- 
ing p = x* +2Ty’. In §4 we will give a careful statement of cubic reciprocity, and we 
will explain how it can be used to prove (0.3). Similarly, biquadratic reciprocity can 
be used to answer our question for x? + 64y*. We will see that Gauss clearly recog- 
nized the role of higher reciprocity laws in separating forms of the same genus. This 
section will also begin our study of algebraic integers, for in order to state cubic and 
biquadratic reciprocity, we must first understand the arithmetic of the rings Zle27/ 3) 
and Z|i]. 

To go further requires class field theory, which is the topic of Chapter Two. We 
will begin in §5 with the Hilbert class field, which is the maximal unramified Abelian 
extension of a given number field. This will enable us to prove the following general 
result: 


Theorem 0.5. Let n = 1,2 mod 4 be a positive squarefree integer. Then there is an 
irreducible polynomial f,(x) € Z[x| such that for a prime p dividing neither n nor 
the discriminant of fn (x), 


pee ipess (=n/p)= 1 anit Sal) =0 mod p 
has an integer solution. 
While the statement of Theorem 0.5 is elementary, the polynomial f,(x) is quite 
sophisticated: it is the minimal polynomial of a primitive element of the Hilbert 
class field L of K = Q(./—n). 
As an example of this theorem, we will study the case n = 14. We will show that 


the Hilbert class field of K = Q(./—14) is L = K(a), where a = 22-1. By 


Theorem 0.5, this will show that for an odd prime p, 


(06) ee a Ts ne as 

has an integer solution, 
which answers our basic question for x* + 14y?. The Hilbert class field will also 
enable us in §6 to give new proofs of the main theorems of genus theory. 

The theory sketched so far is very nice, but there are some gaps in it. The most 
obvious is that the above results for x? + 27y” and x? + 14y? ((0.3) and (0.6) respec- 
tively) both follow the same format, but (0.3) does not follow from Theorem 0.5, 
for n = 27 is not squarefree. There should be a unified theorem that works for all 
positive n, yet the proof of Theorem 0.5 breaks down for general n because Z[,/—n| 
is not in general the full ring of integers in Q(./—n). 


4 INTRODUCTION 


The goal of §§7-9 is to show that Theorem 0.5 holds for all positive integers 
n. This, in fact, is the main theorem of the whole book. In §7 we will study the 
rings Z[,/—n] for general n, which leads to the concept of an order in an imaginary 
quadratic field. In §8 we will summarize the main theorems of class field theory and 
the Cebotarev Density Theorem, and in §9 we will introduce a generalization of the 
Hilbert class field called the ring class field, which is a certain (possibly ramified) 
Abelian extension of Q(./—n) determined by the order Z[,/—n]. Then, in Theorem 
9.2, we will use the Artin Reciprocity Theorem to show that Theorem 0.5 holds for 
all n > 0, where the polynomial f,,(x) is now the minimal polynomial of a primitive 
element of the above ring class field. To give a concrete example of what this means, 
we will apply Theorem 9.2 to the case x* + 27y*, which will give us a class field 
theory proof of (0.3). In §§8 and 9 we will also discuss how class field theory is 
related to higher reciprocity theorems. 

The major drawback to the theory presented in §9 is that it is not constructive: 
for a given n > 0, we have no idea how to find the polynomial f,,(x). From (0.3) 
and (0.6), we know fo7(x) and f\4(x), but the methods used in these examples hardly 
generalize. Chapter Three will use the theory of complex multiplication to remedy 
this situation. In §10 we will study elliptic functions and introduce the idea of com- 
plex multiplication, and then in §11 we will discuss modular functions for the group 
T(m) and show that the j-function can be used to generate ring class fields. As an 
example of the wonderful formulas that can be proved, in §12 we will give Weber’s 
computation that 


j(V/—14) =23 (323 + 2285+ (231 +1612) 2v2- 1) 


These methods will enable us to prove the Baker-Heegner—Stark Theorem on imag- 
inary quadratic fields of class number 1. In §13 of the book we will discuss the class 
equation, which is the minimal polynomial of j(.,/—n). We will learn how to com- 
pute the class equation, which will lead to a constructive solution of p = x* + ny’. 
We will then describe some work by Deuring and by Gross and Zagier. In 1946 
Deuring proved a result about the difference of singular j-invariants, which implies 
an especially elegant version of our main theorem, and drawing on Deuring’s work, 
Gross and Zagier discovered yet more remarkable properties of the class equation. 
The first three chapters of the book present a complete solution to the problem of 
when p = x” + ny’. In Chapter Four, we pursue two additional topics, elliptic curves 
in §14 and Shimura reciprocity in §15, that give a more modern approach to the study 
of complex multiplication. We also include applications to primality testing in §14. 
The new §15 discusses ideles and the field of modular functions, and replaces certain 
pretty but ad-hoc arguments used in §12 with a more systematic treatment based on 
Shimura reciprocity. We also give an unexpected application to p = x? + ny’. 
Number theory is usually taught at three levels, as an undergraduate course, a 
beginning graduate course, or a more advanced graduate course. These levels cor- 
respond roughly to the first three chapters of the book. Chapter One requires only 
beginning number theory (up to quadratic reciprocity) and a semester of abstract al- 
gebra. Since the proofs of quadratic, cubic and biquadratic reciprocity are omitted, 
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this book would be best suited as a supplementary text in a beginning course. For 
Chapter Two, the reader should know Galois theory and some basic facts about al- 
gebraic number theory (these are reviewed in §5), but no previous exposure to class 
field theory is assumed. The theorems of class field theory are stated without proof, 
so that this book would be most useful as a supplement to the topics covered in a first 
graduate course. Chapter Three requires a knowledge of complex analysis, but other- 
wise it is self-contained. (Brief but complete accounts of the Weierstrass y-function 
and modular functions are included in §§10 and 11.) This portion of the book should 
be suitable for use in a graduate seminar. The same is true for Chapter Four. 

There are exercises at the end of each section, many of which consist of working 
out the details of arguments sketched in the text. Readers learning this material for 
the first time should find the exercises to be useful, while more sophisticated readers 
may skip them without loss of continuity. 

Many important (and relevant) topics are not covered in the book. An obvious 
omission in Chapter One concerns forms such as x* — 2y*, which were certainly 
considered by Fermat and Euler. Questions of this sort lead to Pell’s equation and 
the class field theory of real quadratic fields. We have also ignored the problem 
of representing arbitrary integers, not just primes, by quadratic forms, and there are 
interesting questions to ask about the number of such representations (this material is 
covered in Grosswald’s book [47]). In Chapter Two we give a classical formulation 
of class field theory, with only a brief mention of adeles and ideles. A more modern 
treatment can be found in Neukirch [80] or Weil [104] (see also the new §15). We 
also do not do justice to the use of analytic methods in number theory. For a nice 
introduction in the case of quadratic fields, see Zagier [111]. Our treatment of elliptic 
curves in Chapter Four is rather incomplete. See Husemdller [58], Knapp [A14] or 
Silverman [93] for the basic theory, while more advanced topics are covered by Lang 
(73], Shimura [90] and Silverman [A21]. At a more elemenary level, there is the 
wonderful book [A22] by Silverman and Tate. 

There are many books which touch on the number theory encountered in study- 
ing the problem of representing primes by x* +ny*. Four books that we particu- 
larly recommend are Cohn’s A Classical Invitation to Algebraic Numbers and Class 
Fields [19], Lang’s Elliptic Functions [73], Scharlau and Opolka’s From Fermat to 
Minkowski [86], and Weil’s Number Theory: An Approach Through History [106]. 
These books, as well as others to be found in the References, open up an extraordi- 
narily rich area of mathematics. The purpose of this book is to reveal some of this 
richness and to encourage the reader to learn more about it. 


Notes on the Second Edition 


The original text of the book consisted of §§1-14. For the second edition, we 
added the new §15 on Shimura reciprocity described above. 

As a supplement to the references for the first edition, a new section Additional 
References has been added. The new references cited in the text are indicated with a 
leading “A” (e.g., the references Knapp [A14], Silverman [A21], and Silverman and 
Tate [A22] given above). This section also contains suggestions for further reading 
for the four chapters. 


CHAPTER ONE 


FROM FERMAT TO GAUSS 


§1. FERMAT, EULER AND QUADRATIC RECIPROCITY 


In this section we will discuss primes of the form x? + ny”, where n is a fixed positive 
integer. Our starting point will be the three theorems of Fermat for odd primes p 


p=xty, x1yEZ => p=1mod4 
(1.1) p=x+2y’, xyEZ <=> p=l1or3 mod8 
p=x+3y’, xyeZ <> p=3o0rp=1 mod3 


mentioned in the introduction. The goals of §1 are to prove (1.1) and, more impor- 
tantly, to get a sense of what’s involved in studying the equation p = x* +ny* when 
n > Ois arbitrary. This last question was best answered by Euler, who spent 40 years 
proving Fermat’s theorems and thinking about how they can be generalized. Our 
exposition will follow some of Euler’s papers closely, both in the theorems proved 
and in the examples studied. We will see that Euler’s strategy for proving (1.1) was 
one of the primary things that led him to discover quadratic reciprocity, and we will 
also discuss some of his remarkable conjectures concerning p = x? + ny’ for n > 3. 
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These conjectures touch on quadratic forms, composition, genus theory, cubic and 
biquadratic reciprocity, and will keep us busy for the rest of the chapter. 


A. Fermat 


Fermat’s first mention of p = x? + y” occurs in a 1640 letter to Mersenne [35, Vol. II, 
p. 212], while p = x* + 2y” and p = x? + 3y’ come later, first appearing in a 1654 
letter to Pascal [35, Vol. II, pp. 310-314]. Although no proofs are given in these 
letters, Fermat states the results as theorems. Writing to Digby in 1658, he repeats 
these assertions in the following form: 


Every prime number which surpasses by one a multiple of four is composed 
of two squares. Examples are 5, 13, 17, 29, 37, 41, etc. 

Every prime number which surpasses by one a multiple of three is composed 
of a square and the triple of another square. Examples are 7, 13, 19, 31, 37, 43, 
etc. 

Every prime number which surpasses by one or three a multiple of eight is 
composed of a square and the double of another square. Examples are 3, 11, 17, 
19, 41, 43, etc. 


Fermat adds that he has solid proofs—“firmissimis demonstralibus” (35, Vol. I, pp. 
402-408 (Latin), Vol. II, pp. 314-319 (French)]. 

The theorems (1.1) are only part of the work that Fermat did with x? + ny*. For 
example, concerning x” + y, Fermat knew that a positive integer N is the sum of two 
squares if and only if the quotient of N by its largest square factor is a product of 
primes congruent to 1 modulo 4 [35, Vol. III, Obs. 26, pp. 256-257], and he knew 
the number of different ways N can be so represented [35, Vol. III, Obs. 7, pp. 243- 
246]. Fermat also studied forms beyond x? + y*, x* + 2y* and x* + 3y’. For example, 
in the 1658 letter to Digby quoted above, Fermat makes the following conjecture 
about x” + Sy”, which he admits he can’t prove: 


If two primes, which end in 3 or 7 and surpass by three a multiple of four, are 
multiplied, then their product will be composed of a square and the quintuple of 
another square. 

Examples are the numbers 3, 7, 23, 43, 47, 67, etc. Take two of them, for 
example 7 and 23; their product 161 is composed of a square and the quintuple 
of another square. Namely 81, a square, and the quintuple of 16 equal 161. 


Fermat’s condition on the primes is simply that they be congruent to 3 or 7 modulo 
20. In §2 we will present Lagrange’s proof of this conjecture, which uses ideas from 
genus theory and the composition of forms. 

Fermat’s proofs used the method of infinite descent, but that’s often all he said. 
As an example, here is Fermat’s description of his proof for p = x* + y* [35, Vol. II, 
p. 432]: 

If an arbitrarily chosen prime number, which surpasses by one a multiple of 
four, is not a sum of two squares, then there is a prime number of the same 
form, less than the given one, and then yet a third still less, etc., descending 
infinitely until you arrive at the number 5, which is the least of all of this nature, 
from which it would follow was not the sum of two squares. From this one 
must infer, by deduction of the impossible, that all numbers of this form are 
consequently composed of two squares. 
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This explains the philosophy of infinite descent, but doesn’t tell us how to produce 
the required lesser prime. We have only one complete proof by Fermat. It occurs in 
one of his marginal notes (the area of a right triangle with integral sides cannot be 
an integral square [35, Vol. III, Obs. 45, pp. 271-272]—for once the margin was big 
enough!). The methods of this proof (see Weil [106, p. 77] or Edwards [31, pp. 10- 
14] for modern expositions) do not apply to our case, so that we are still in the dark. 
An analysis of Fermat’s approach to infinite descent appears in Bussotti [A5]. Weil’s 
book [106] makes a careful study of Fermat’s letters and marginal notes, and with 
some hints from Euler, he reconstructs some of Fermat’s proofs. Weil’s arguments 
are quite convincing, but we won’t go into them here. For the present, we prefer to 
leave things as Euler found them, i-e., wonderful theorems but no proofs. 


B. Euler 


Euler first heard of Fermat’s results through his correspondence with Goldbach. In 
fact, Goldbach’s first letter to Euler, written in December 1729, mentions Fermat’s 
conjecture that 27" + 1 is always prime [40, p. 10]. Shortly thereafter, Euler read some 
of Fermat’s letters that had been printed in Wallis’ Opera [100] (which included the 
one to Digby quoted above). Euler was intrigued by what he found. For example, 
writing to Goldbach in June 1730, Euler comments that Fermat’s four-square theo- 
rem (every positive integer is a sum of four or fewer squares) is a “non inelegans 
theorema” [40, p. 24]. For Euler, Fermat’s assertions were serious theorems deserv- 
ing of proof, and finding the proofs became a life-long project. Euler’s first paper on 
number theory, written in 1732 at age 25, disproves Fermat’s claim about 22" + 1 by 
showing that 641 is a factor of 232 + 1 [33, Vol. II, pp. 1-5]. Euler’s interest in num- 
ber theory continued unabated for the next 51 years—there was a steady stream of 
papers introducing many of the fundamental concepts of number theory, and even af- 
ter his death in 1783, his papers continued to appear until 1830 (see [33, Vol. IV-V]). 
Weil’s book [106] gives a survey of Euler’s work on number theory (other references 
are Burkhardt [14], Edwards (31, Chapter 2], Scharlau and Opolka [86, Chapter 3], 
and the introductions to Volumes II—V of Euler’s collected works [33]). 
We can now present Euler’s proof of the first of Fermat’s theorems from (1.1): 


Theorem 1.2. An odd prime p can be written as x* + y if and only if p = 1 mod 4. 


Proof. If p =x’ +y*, then congruences modulo 4 easily imply that p = 1 mod 4. 
The hard work is proving the converse. We will give a modern version of Euler’s 
proof. Given an odd prime p, there are two basic steps to be proved: 


Descent Step : If p | x° + y*, gcd(x,y) = 1, then p can be written 
as x’ + y’ for some possibly different x, y. 
Reciprocity Step : If p = 1 mod 4, then p [xe +y’, ged(x,y) = 1. 
It will soon become clear why we use the names “Descent” and “Reciprocity.” 


We’ ll do the Descent Step first since that’s what happened historically. The argu- 
ment below is taken from a 1747 letter to Goldbach [40, pp. 416-419] (see also (33, 
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Vol. II, pp. 295-327]). We begin with the classical identity 

(1.3) (x? +y’) (2? +.w*) = (xz+ yw)? + (xw = yz)? 

(see Exercise 1.1) which enables one to express composite numbers as sums of 
squares. The key observation is the following lemma: 


Lemma 1.4. Suppose that N is a sum of two relatively prime squares, and that 
q=x°+y" is a prime divisor of N. Then N/q is also a sum of two relatively prime 
squares. 


Proof. Write N = a? + b?, where a and b are relatively prime. We also have q = 
x’ +y’, and thus q divides 
PN—-ag=X(a2 +b) —a(e+y’) 
= xb? —a’y’ = (xb — ay) (xb +ay). 
Since q is prime, it divides one of these two factors, and changing the sign of a if 
necessary, we can assume that g | xb — ay. Thus xb — ay = dq for some integer d. 


We claim that x | a+ dy. Since x and y are relatively prime, this is equivalent to 
x | (a+dy)y. However, 


(a+dy)y = ay+dy =xb—dq+dy 
= xb— d(x? +y’) + dy’ = xb— dx’, 


which is obviously divisible by x. Furthermore, if we set a+ dy = cx, then the above 
equation implies that b = dx + cy. Thus we have 


a=cx—dy 


1.5 
oe) b=dx-+cy. 
Then, using (1.3), we obtain 


N = a? +b? = (cx—dy)* + (dx+cey)? 
(7 + y?)(c? +d”) = q(c? +d’). 


Thus N/q = c? +d? is a sum of squares, and (1.5) shows that c and d must be 
relatively prime since a and b are. This proves the lemma. Q.E.D. 


To complete the proof of the Descent Step, let p be an odd prime dividing N = 
a’ + b’, where a and b are relatively prime. If a and b are changed by multiples 
of p, we still have p | a? +b”. We may thus assume that |a| < p/2 and |b| < p/2, 
which in turn implies that N < p?/2. The new a and b may have a greatest common 
divisor d > 1, but p doesn’t divide d, so that dividing a and b by d, we may assume 
that p | N, N < p?/2, and N = a? +b? where gcd (a,b) = 1. Then all prime divisors 
q # p of N are less than p. If g were a sum of two squares, then Lemma 1.4 would 
show that N/q would be a multiple of p that is again a sum of two squares. If all such 
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q’s were sums of two squares, then repeatedly applying Lemma 1.4 would imply that 
p itself was of the same form. So if p is not a sum of two squares, there must be a 
smaller prime g with the same property. Since there is nothing to prevent us from 
repeating this process indefinitely, we get an infinite decreasing sequence of prime 
numbers. This contradiction finishes the Descent Step. 

This is a classical descent argument, and as Weil argues [106, pp. 68-69], it is 
probably similar to what Fermat did. In §2 we will take another approach to the 
Descent Step, using the reduction theory of positive definite quadratic forms. 

The Reciprocity Step caused Euler a lot more trouble, taking him until 1749. 
Euler was clearly relieved when he could write to Goldbach “Now have I finally 
found a valid proof” [40, pp. 493-495]. The basic idea is quite simple: since p = 
1 mod 4, we can write p = 4k + 1. Then Fermat’s Little Theorem implies that 


(x7 — 1) (x* 4.1) = x*-— 1 =0 mod p 


for all x #0 mod p. If x** — 140 mod p for one such x, then p | x* +1, so that 
p divides a sum of relatively prime squares, as desired. For us, the required x is 
easy to find, since x** — 1 is a polynomial over the field Z/pZ and hence has at most 
2k < p—1 roots. Euler’s first proof is quite different, for it uses the calculus of 
finite differences—see Exercise 1.2 for details. This proves Fermat’s claim (1.1) for 
primes of the form x? + y’. Q.E.D. 


Euler used the same two-step strategy in his proofs for x* + 2y* and x? + 3y’. The 
Descent Steps are 
If p |x? +2y’, gcd (x,y) = 1, then p is of the form x” + 2y* for 
some possibly different x, y 
If p |x? + 3y’, ged (x,y) = 1, then p is of the form x? + 3y’ for 
some possibly different x, y, 


and the Reciprocity Steps are 


If p = 1,3 mod 8, then p| x? +2y’, ged(x,y) = 1 
If p = 1 mod 3, then p | x” +3y*, gcd(x,y) =1, 


where p is always an odd prime. In each case, the Reciprocity Step was harder to 
prove than the Descent Step, and Euler didn’t succeed in giving complete proofs of 
Fermat’s theorems (1.1) until 1772, 40 years after he first read about them. Weil 
discusses the proofs for x? + 2y” and x* + 3y? in [106, pp. 178-179, 191, and 210- 
212], and in Exercises 1.4 and 1.5 we will present a version of Euler’s argument for 
x + 3y?. 


C. p=x?+ny? and Quadratic Reciprocity 


Let’s turn to the general case of p = x? +ny*, where n is now any positive integer. To 
study this problem, it makes sense to start with Euler’s two-step strategy. This won’t 
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lead to a proof, but the Descent and Reciprocity Steps will both suggest some very 
interesting questions for us to pursue. 
The Descent Step for arbitrary n > 0 begins with the identity 


(1.6) (x? + ny*)(z? + nw’) = (xz+ nyw)? + n(xw = yz)* 


(see Exercise 1.1), and Lemma 1.4 generalizes easily for n > 0 (see Exercise 1.3). 
Then suppose that p | x? + ny’. As in the proof of the Descent Step in Theorem 1.2, 
we can assume that |x|, |y| < p/2. For n < 3, it follows that x? + ny” < p? when 
p is odd, and then the argument from Theorem 1.2 shows that p is of the form 
x* + ny* (see Exercise 1.4). One might conjecture that this holds in general, i.e., 
that p | x° + ny? always implies p = x? +ny. Unfortunately this fails even for n = 5: 
for example, 3 | 21 = 17 +5-2? but 3 4.x* + 5y?. Euler knew this, and most likely 
so did Fermat (remember his speculations about x” + 5y”). So the question becomes: 
how are prime divisors of x? +ny? to be represented? As we will see in §2, the proper 
language for this is Lagrange’s theory of quadratic forms, and a complete solution to 
the Descent Step will follow from the properties of reduced forms. 

Turning to the Reciprocity Step for n > 0, the general case asks for congruence 
conditions on a prime p which will guarantee p | x? + ny’. To see what kind of con- 
gruences we need, note that the conditions of (1.1) can be unified by working modulo 
4n. Thus, given n > 0, we’re looking for a congruence of the form p = a, B,... mod 
An which implies p | x? +ny*, gcd(x,y) = 1. To give a modern formulation of this 
last condition, we first define the Legendre symbol (a/p). If a is an integer and p an 
odd prime, then 


0 pla 
(5) = 1 pt{aand a is a quadratic residue modulo p 
—1 p{aand a is a quadratic nonresidue modulo p. 


We can now restate the condition for p | x + ny? as follows: 


Lemma 1.7. Let n be a nonzero integer, and let p be an odd prime not dividing n. 
Then 


p|x+ny’, ged(x,y)=1 <> (=) =|. 


Proof. The basic idea is that if x* + ny? =0 mod p and gcd(x,y) = 1, then y must be 
relatively prime to p and consequently has a multiplicative inverse modulo p. The 
details are left to the reader (see Exercise 1.6). Q.E.D. 


The arguments of the above lemma are quite elementary, but for Euler they were 
not so easy—he first had to realize that quadratic residues were at the heart of the 
matter. This took several years, and it’s fun to watch his terminology evolve: in 1744, 
he writes “‘prime divisors of numbers of the form aa — Nbb” [33, Vol. II, p. 216]; by 
1747 this changes to “residues arising from the division of squares by the prime 
p” [33, Vol. II, p. 313]; and by 1751 the transition is complete—Euler now uses the 
terms “residua” and “non-residua” freely, with the “quadratic” being understood [33, 
Vol. II, p. 343]. 
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Using Lemma 1.7, the Reciprocity Step can be restated as the following question: 
is there a congruence p = a,,8,... mod 4n which implies (—n/p) = 1 when p is 
prime? This question also makes sense when n < 0, and in the following discussion 
n will thus be allowed to be positive or negative. We will see in Corollary 1.19 that 
the full answer is intimately related to the law of quadratic reciprocity, and in fact the 
Reciprocity Step was one of the primary things that led Euler to discover quadratic 
reciprocity. 

Euler became intensely interested in this question in the early 1740s, and he men- 
tions numerous examples in his letters to Goldbach. In 1744 Euler collected together 
his examples and conjectures in the paper Theoremata circa divisores numerorum 
in hac forma paa + qbb contentorum [33, Vol. II, pp. 194-222]. He labels his ex- 
amples as “theorems,” but they are really “theorems found by induction,” which is 
eighteenth-century parlance for conjectures based on working out some particular 
cases. Here are of some of Euler’s conjectures, stated in modern notation: 


(=) =1 <> p=1,7 mod 12 

) =1 <> p=1,3,7,9 mod 20 
) =1 <=> p=1,9,11,15,23,25 mod 28 

(1.8) 

) =! <> p=+!1 mod 12 

) =1 <> p=+1,+11 mod 20 

) =1 <> p=+1,+3,+9 mod 28, 


where p is an odd prime not dividing n. In looking for a unifying pattern, the bottom 
three look more promising because of the -+’s. If we rewrite the bottom half of (1.8) 
using 11 = —9 mod 20 and 3 = —25 mod 28, we obtain 


(5)=1 <> p=+!1 mod 12 


p 
(=) =1 <> p=+1,+9 mod 20 

7 
(7) =1 => p=+1,+25,+9 mod 28. 


All of the numbers that appear are odd squares! 
Before getting carried away, we should note another of Euler’s conjectures: 


6 


(5) =1 <=> p=+1,+5 mod 24. 
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Unfortunately, +5 is not a square modulo 24, and the same thing happens for (10/p) 
and (14/p) . But 3, 5 and 7 are prime, while 6, 10 and 14 are composite. Thus it 
makes sense to make the following conjecture for the prime case: 


Conjecture 1.9. If p and q are distinct odd primes, then 


(4) =1 <> p=+/? mod 4q for some odd integer B. 


Pp 


The remarkable fact is that this conjecture is equivalent to the usual statement of 
quadratic reciprocity: 


Proposition 1.10. If p and q are distinct odd primes, then Conjecture 1.9 is equiva- 


lent to 
(2) (2) = (1) PDEA, 
q Pp 


Proof. Let p* = (—1)—"/? p, Then the standard properties 


=i (p=1)/2 

— )=(-1)" 
oe 
ial) G) 

P P/ \P 
of the Legendre symbol easily imply that quadratic reciprocity is equivalent to 
vs )-() 
q Pp 


(see Exercise 1.7). Since both sides are +1, it follows that quadratic reciprocity can 


be stated as 
(2) =1 => (=) =1. 
Pp q 


Comparing this to Conjecture 1.9, we see that it suffices to show 


(L.11) 


(1.13) (=) =1 <> p=+6? mod 4g, B odd. 
q 


The proof of (1.13) is straightforward and is left to the reader (see Exercise 1.8). 
Q.E.D. 


With hindsight, we can see why Euler had trouble with the Reciprocity Steps for 
x° + 2y? and x? +3y?: he was working out special cases of quadratic reciprocity! 
Exercise 1.9 will discuss which special cases were involved. We will not prove 
quadratic reciprocity in this section, but later in §8 we will give a proof using class 
field theory. Proofs of a more elementary nature can be found in most number theory 
texts. 
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The discussion leading up to Conjecture 1.9 is pretty exciting, but was it what 
Euler did? The answer is yes and no. To explain this, we must look more closely 
at Euler’s 1744 paper. In addition to conjectures like (1.8), the paper also contained 
a series of Annotations where Euler speculated on what was happening in general. 
For simplicity, we will concentrate on the case of (N/p),where N > 0. Euler notes 
in Annotation 13 [33, Vol. II, p. 216] that for such N’s, all of the conjectures have 
the form 

(3) =] <> P=+a mod 4N 

for certain odd values of a. Then in Annotation 16 [33, Vol. II, pp. 216-217], Euler 
states that “while | is among the values [of the a’s], yet likewise any square number, 
which is prime to 4N, furnishes a suitable value for a.” This is close to what we want, 
but it doesn’t say that the odd squares fill up all possible a’s when N is prime. For 
this, we turn to Annotation 14 [33, Vol. II, p. 216], where Euler notes that the number 
of a’s that occur is (1/2)¢(N). When N is prime, this equals (N — 1)/2, the number 
of incongruent squares modulo 4N relatively prime to 4N. Thus what Euler states is 
fully equivalent to Conjecture 1.9. In 1875, Kronecker identified these Annotations 
as the first complete statement of quadratic reciprocity [68, Vol. II, pp. 3-4]. 

The problem is that we have to read between the lines to get quadratic reciprocity. 
Why didn’t Euler state it more explicitly? He knew that the prime case was special, 
for why else would he list the prime cases before the composite ones? The answer 
to this puzzle, as Weil points out [106, pp. 207-209], is that Euler’s real goal was 
to characterize the a’s for all N, not just primes. To explain this, we need to give a 
modern description of the ta’s. The following lemma is at the heart of the matter: 


Lemma 1.14. /f D = 0,1 mod 4 is a nonzero integer, then there is a unique ho- 
momorphism x :(Z/DZ)* — {+1} such that x([p]) = (D/p) for odd primes p not 
dividing D. Furthermore, 


(-1) 1 when D>0O 
x 7 —i when D <0. 


Proof. The proof will make extensive use of the Jacobi symbol. Given m > 0 odd 
and relatively prime to M, recall that the Jacobi symbol (M/m) is defined to be the 


product : 
(n) =) 


where m = p, --- p, is the prime factorization of m. Note that (M/m) = (N/m) when 
M=N mod m, and there are the multiplicative identities 


Gaol, 
Sele 


(1.15) 
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(see Exercise 1.10). The Jacobi symbol satisfies the following version of quadratic 


reciprocity: 
= (m—1)/2 
SE] 
(S)=cn 
2 pes 
m 


M = (-1)%-Den/4 (me 
m M 
(see Exercise 1.10). 


For this lemma, the crucial property of the Jacobi symbol is one usually not men- 
tioned in elementary texts: if m =n mod D, where m and n are odd and positive and 
D=0, 1 mod 4, then 


tm @)-@) 


The proof is quite easy when D = 1 mod 4 and D > 0: using quadratic reciprocity 
(1.16), the two sides of (1.17) become 


(D-1)(m—1)/4 (1m 
| la 
(1) ( =) 


(D-1)(n—1)/4 n 
—] —)}. 
ea ( 5) 


To compare these expressions, first note that the two Jacobi symbols are equal since 
m=nmod D. From D = 1 mod 4 we see that 


(1.18) 


(D—1)(m—1)/4= (D—1)(n—1)/4=0 mod 2 


since m and n are odd. Thus the signs in front of (1.18) are both +1, and (1.17) 
follows. When D is even or negative, a similar argument using the supplementary 
laws from (1.16) shows that (1.17) still holds (see Exercise 1.11). 

It follows from (1.17) that .({m]) = (D/m) gives a well-defined homomorphism 
from (Z/DZ)* to {+1} (see Exercise 1.12), and the statement concerning x([—1]) 
follows from the above properties of the Jacobi symbol (see Exercise 1.12). Finally, 
the condition that x({[p]) = (D/p) for odd primes p determines x uniquely follows 
because x is a homomorphism and every class in (Z/DZ)* contains a positive odd 
number (hence a product of odd primes) by part (a) of Exercise 1.12. Q.E.D. 


The above proof made heavy use of quadratic reciprocity, which is no accident: 
Lemma 1.14 is in fact equivalent to quadratic reciprocity and the supplementary laws 
(see Exercise 1.13). For us, however, the main feature of Lemma 1.14 is that it gives 
a complete solution of the Reciprocity Step of Euler’s strategy: 
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Corollary 1.19. Let n be a nonzero integer, and let x : (Z/4nZ)* — {+1} be the 
homomorphism from Lemma 1.14 when D = —4n. If p is an odd prime not dividing 
n, then the following are equivalent: 


(i) p|x*+ny’, ged(x,y) = 1. 
(ii) (n/p) = 1. 
(iii) [p] € ker(y) C (Z/4nZ)*. 


Proof. (i) and (ii) are equivalent by Lemma 1.7, and since (—4n/p) = (—n/p), (ii) 
and (iii) are equivalent by Lemma 1.14. Q.E.D. 


To see how this solves the Reciprocity Step, write ker(x) = {[a], [4], [y],.-.} 
Then [p] € ker(y) is equivalent to the congruence p = a, 6, y,... mod 4n, which is 
exactly the kind of condition we were looking for. Actually, Lemma 1.14 allows us 
to refine this a bit: when n = 3 mod 4, then congruence can be taken to be of the 
form p = a, 8,7,... mod n (see Exercise 1.14). We should also note that in all cases, 
the usual statement of quadratic reciprocity makes it easy to compute the classes in 
question (see Exercise 1.15 for an example). 

To see how this relates to what Euler did in 1744, let NV be as in our discussion of 
Euler’s Annotations, and let D = 4N in Lemma 1.14. Then ker(y) consists exactly of 
Euler’s +a’s (when N > 0, the lemma also implies that —1 € ker(), which explains 
the + signs). The second thing to note is that when N is odd and squarefree, K = 
ker(x) is uniquely characterized by the following four properties: 


(i) K is a subgroup of index 2 in (Z/4NZ)*. 
(ii) —1 © K when N > Oand —1 ¢ K whenN <0. 


(iii) K has period N if N = 1 mod 4 and period 4N otherwise. (Having period P > 0 
means that if [a], [b] € (Z/4NZ)*, [a] € K and a= b mod P, then [b] € K.) 


(iv) K does not have any smaller period. 


For a proof of this characterization, see Weil [106, pp. 287-291]. In the Annotations 
to his 1744 paper, Euler gives very clear statements of (i)—(ill) (see Annotations 
13-16 in [33, Vol. II, pp. 216—217]), and as for (iv), he notes that N is not a period 
when N £ | mod 4, but says nothing about the possibility of smaller periods (see 
Annotation 20 in [33, Vol. II, p. 219]). So Euler doesn’t quite give a complete char- 
acterization of ker(), but he comes incredibly close. It is a tribute to Euler’s insight 
that he could deduce this underlying structure on the basis of examples like (1.8). 


D. Beyond Quadratic Reciprocity 


We will next discuss some of Euler’s conjectures concerning primes of the form 
x’ +ny? for n > 3. We start with the cases n = 5 and 14 (taken from his 1744 paper), 
for each will have something unexpected to offer us. 
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When n = 5, Euler conjectured that for odd primes p 4 5, 


p=xr+5y? <> p=1,9 mod 20 
(1.20) 4 
2p=x° +5y° <> p=3,7 mod 20. 


Recall from (1.8) that p | x? + Sy? is equivalent to p = 1,3,7,9 mod 20. Hence these 
four congruence classes break up into two groups {1,9} and {3, 7} which have quite 
different representability properties. This is a new phenomenon, not encountered for 
x* + ny* when n < 3. Note also that the classes 3,7 modulo 20 are the ones that 
entered into Fermat’s speculations on x” + Sy’, so something interesting is going on 
here. In §2 we will see that this is one of the examples that led Lagrange to discover 
genus theory. 

The case n = 14 is yet more complicated. Here, Euler makes the following con- 
jecture for odd primes 4 7: 


e+ 14y? os 
p= { 2x2 + Ty? <> p=1,9,15,23,25,39 mod 56 


3p =x + l4y? —> p =3,5,13,19,27,45 mod 56. 


(1.21) 


As with (1.20), the union of the two groups of congruence classes in (1.21) describes 
those primes for which (—14/p) = 1. The new puzzle here is that we don’t seem 
to be able to separate x* + 14y” from 2x” + 7y?. In §2, we will see that this is not 
an oversight on Euler’s part, for the two quadratic forms x” + 14y? and 2x? + 7y? 
are in the same genus and hence can’t be separated by congruence classes. Another 
puzzle is why (1.20) uses 2p while (1.21) uses 3p. In §2 we will use composition 
to explain these facts. One could also ask what extra condition is needed to insure 
p= e+ 14y?, This lies much deeper, for as we will see in §5, it involves the Hilbert 
class field of Q(/—14). 

The final examples we want to discuss come from quite a different source, the 
Tractatus de numerorum doctrina capita sedecim quae supersunt, which Euler wrote 
in the period 1748-1750 [33, Vol. V, pp. 182-283]. Euler intended this work to 
be a basic text for number theory, in the same way that his Introductio in analysin 
infinitorum [33, Vol. VII-IX] was the first real textbook in analysis. Unfortunately, 
Euler never completed the Tractatus, and it was first published only in 1849. Weil 
[106, pp. 192-196] gives a description of what’s in the Tractatus (see also [33, Vol. 
V, pp. XIX-XXVIJ]). For us, the most interesting chapters are the two that deal with 
cubic and biquadratic residues. Recall that a number a is a cubic (resp. biquadratic) 
residue modulo p if the congruence x* = a mod p (resp. x* = a mod p) has an 
integer solution. Euler makes the following conjectures about when 2 is a cubic 
or biquadratic residue modulo an odd prime p: 


p=1mod3 and 2isa 


ae ee 
(hee) Pak aot { cubic residue modulo p 


p=1mod4 and 2 isa 


_ 2 2 
(1.23) pax Oy { biquadratic residue modulo p 
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(see [33, Vol. V, pp. 250 and 258]). In §4, we will see that both of these conjec- 
tures were proved by Gauss as consequences of his work on cubic and biquadratic 
reciprocity. 

The importance of the examples (1.20)—(1.23) is hard to overestimate. Thanks to 
Euler’s amazing ability to find patterns, we now see some of the serious problems to 
be tackled (in (1.20) and (1.21)), and we have our first hint of what the final solution 
will look like (in (1.22) and (1.23)). Much of the next three sections will be devoted 
to explaining and proving these conjectures. In particular, it should be clear that we 
need to learn a lot more about quadratic forms. Euler left us with a magnificent series 
of examples and conjectures, but it remained for Lagrange to develop the language 
which would bring the underlying structure to light. 


E. Exercises 


1.1. In this exercise, we prove some identities used by Euler. 


(a) Prove (1.3) and its generalization (1.6). 
(b) Generalize (1.6) to find an identity of the form 


(ax* + cy*)(az’ + ew) = (?)? +. ac(?)?. 
This is due to Euler [33, Vol. I, p. 424]. 


1.2. Let p be prime, and let f(x) be a monic polynomial of degree d < p. This 
exercise will describe Euler’s proof that the congruence f(x) #0 mod p has a 
solution. Let Af(x) = f(x+1) — f(x) be the difference operator. 


(a) For any k > 1, show that A‘ f(x) is an integral linear combination of 
F(x), Fe + 1)... Fe +K). 
(b) Show that A? f(x) = d!. 
(c) Euler’s argument is now easy to state: if f(x) #0 mod p has no solutions, 
then p | A? f(x) follows from (a). By (b), this is impossible. 
1.3. Let n be a positive integer. 
(a) Formulate and prove a version of Lemma 1.4 when a prime g = x* + ny’ 
divides a number N = a? + nb’. 
(b) Show that your proof of (a) works when n = 3 and gq = 4. 
1.4, In this exercise, we will prove the Descent Steps for x? + 2y? and x? + 3y’. 
(a) If a prime p divides x? + 2y*, gcd(x,y) = 1, then adapt the argument of 
Theorem 1.2 to show that p = x? + 2y’. Hint: use Exercise 1.3. 


(b) Prove that if an odd prime p divides x? + 3y’, gcd(x,y) = 1, then p = 
x’ + 3y?. The argument is more complicated because the Descent Step 
fails for p = 2. Thus, if it fails for some odd prime p, you have to produce 
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an odd prime q < p where it also fails. Hint: part (b) of Exercise 1.3 will 
be useful. 


1.5. If p = 3k +1 is prime, prove that (—3/p) = 1. Hint: 
A(x* — 1) = ( — 1) -4(0* +4 +1) 
= (x — 1)((2* + 1)? +3). 
Note that Exercises 1.4(b) and 1.5 prove Fermat’s theorem for x? + 3y?. 
1.6. Prove Lemma 1.7. 


1.7. Use the properties (1.11) of the Legendre symbol to prove that quadratic reci- 
procity is equivalent to (1.12). 


1.8. Prove (1.13). 


1.9. In this exercise we will see how the Reciprocity Steps for x” + y*, x7 + 2y? and 
x* + 3y? relate to quadratic reciprocity. 


(a) Use Lemma 1.7 to show that for a prime p > 3, 
p|x°+3y’, gcd(x,y) = 1 <> p=1mod3 


is equivalent to 


By (1.12), we recognize this as part of quadratic reciprocity. 


(b) Use Lemma 1.7 and the bottom line of (1.11) to show that the statements 


p\|x+y*, gcd(x,y) =1 <> p=1mod4 
p |x? +2y’, gcd(x,y) =1 => p=1,3 mod 8 


are equivalent to the statements 


(=) = (-1)0-)? 


(=) = (1) P-Y, 
p 


1.10. This exercise is concerned with the properties of the Jacobi symbol (M/m) 
defined in the proof of Lemma 1.14. 


(a) Prove that (M/m) = (N/m) when M = WN mod m. 
(b) Prove (1.15). 


E. EXERCISES 21 


(c) Prove (1.16) using quadratic reciprocity and the two supplementary laws 
(—1/p) = (-1)?-)/2 and (2/p) = (-1)'-/8, Hint: if r and s are 
odd, show that 


(rs —1)/2 = (r—1)/24+ (s—1)/2 mod 2 
(rs? —1)/8 = (r° —1)/8 + (s?—1)/8 mod 2. 


(d) If M is a quadratic residue modulo m, show that (M/m) = 1. Give an 
example to show that the converse is not true. 


1.11. Use (1.15) and (1.16) to complete the proof of (1.17) begun in the text. 


1.12. This exercise is concerned with the map y: (Z/DZ)* — {+1} of Lemma 1.14. 
When mm is odd and positive, we define x([m]) to be the Jacobi symbol (D/m). 


(a) Show that any class in (Z/DZ)* may be written as [m], where m is odd 
and positive, and then use (1.17) to show that x is a well-defined homo- 
morphism on (Z/DZ)*. 


(b) Show that 
ici 1 ifD>0 
x ls apse. 


(c) If D= 1 mod 4, show that 


(21) 1 if D = 1 mod8 
AMES Vg i = Smad 8: 


1.13. In this exercise, we will assume that Lemma 1.14 holds for all nonzero integers 
D=0,1 mod 4, and we will prove quadratic reciprocity and the supplementary 
laws. 


(a) Let p and q be distinct odd primes, and let g* = (—1)%~))/2q. By apply- 
ing the lemma with D = q*, show that (q*/-) induces a homomorphism 
from (Z/qZ)* to {+1}. Since (-/q) can be regarded as a homomorphism 
between the same two groups and (Z/qZ)* is cyclic, conclude that the 
two are equal. 


(b) Use similar arguments to prove the supplementary laws. Hint: apply the 
lemma with D = —4 and 8 respectively. . 


1.14. Use Lemma 1.14 to prove that when n = 3 mod 4, there are integers a, 6,7,... 
such that for an odd prime p not dividing n, p | x? + ny’, gcd(x,y) = 1 if and 
only if p=a,6,7y,... mod n. 


1.15. Use quadratic reciprocity to determine those classes in (Z/84Z)* that satisfy 


(—21/p) = 1. This tells us when p | x? + 21y, and thus solves Reciprocity 
Step when n = 21. 
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1.16. In the discussion following the proof of Lemma 1.14, we stated that K = 
ker(y) is characterized by the four properties (i)-(iv). When D = 4q, where q¢ 
is an odd prime, prove that (i) and (ii) suffice to determine K uniquely. 
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The study of integral quadratic forms in two variables 
f(xy) =axr+bxy+cy’, a,b,cEZ 


began with Lagrange, who introduced the concepts of discriminant, equivalence and 
reduced form. When these are combined with Gauss’ notion of proper equivalence, 
one has all of the ingredients necessary to develop the basic theory of quadratic 
forms. We wili concentrate on the special case of positive definite forms. Here, 
Lagrange’s theory of reduced forms is especially nice, and in particular we will get 
a complete solution of the Descent Step from §1. When this is combined with the 
solution of the Reciprocity Step given by quadratic reciprocity, we will get immedi- 
ate proofs of Fermat’s theorems (1.1) as well as several new results. We will then 
describe an elementary form of genus theory due to Lagrange, which will enable us 
to prove some of Euler’s conjectures from §1, and we will also be able to solve our 
basic question of p = x? + ny? for quite a few n. The section will end with some 
historical remarks concerning Lagrange and Legendre. 


A. Quadratic Forms 


Our treatment of quadratic forms is taken primarily from Lagrange’s “Recherches 
d’Arithmétique” of 1773~1775 [69, pp. 695-795] and Gauss’ Disquisitiones Arith- 
meticae of 1801 [41, §§153-226]. Most of the terminology is due to Gauss, though 
many of the terms he introduced refer to concepts used implicitly by Lagrange (with 
some important exceptions). 

A first definition is that a form ax? + bxy + cy’ is primitive if its coefficients a,b 
and c are relatively prime. Note that any form is an integer multiple of a primitive 
form. We will deal exclusively with primitive forms. 

An integer m is represented by a form f(x,y) if the equation 


(2.1) m= f(x,y) 


has an integer solution in x and y. If the x and y in (2.1) are relatively prime, we say 
that m is properly represented by f(x,y). Note that the basic question of the book 
can be restated as: which primes are represented by the quadratic form x” + ny*? 

Next, we say that two forms f(x,y) and g(x,y) are equivalent if there are integers 
P,q,r and s such that 


(2.2) f(x,y) = g(px+qy,rxt sy) and ps—qr=Hl. 
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Since det(? ?) = ps — qr = +1, this means that (? 7) is in the group of 2 x 2 invert- 
ible integer matrices GL(2, Z), and it follows easily that the equivalence of forms is 
an equivalence relation (see Exercise 2.2). An important observation is that equiva- 
lent forms represent the same numbers, and the same is true for proper representa- 
tions (see Exercise 2.2). Note also that any form equivalent to a primitive form is 
itself primitive (see Exercise 2.2). Following Gauss, we say that an equivalence is 
a proper equivalence if ps — qr = 1, i.e., (4 7) € SL(2,Z), and it is an improper 
equivalence if ps — gr = —1 [41, §158]. Since SL(2, Z) is a subgroup of GL(2, Z), it 
follows that proper equivalence is also an equivalence relation (see Exercise 2.2). 

The notion of equivalence is due to Lagrange, though he simply said that one form 
“can be transformed into another of the same kind” [69, p. 723]. Neither Lagrange 
nor Legendre made use of proper equivalence. The terms “equivalence” and “proper 
equivalence” are due to Gauss [41, §157], and after stating their definitions, Gauss 
promises that “the usefulness of these distinctions will soon be made clear” [41, 
§158]. In §3 we will see that he was true to his word. 

As an example of these concepts, note that the forms ax” + bxy + cy” and ax? — 
bxy + cy’ are always improperly equivalent via the substitution (x,y) > (x,—y). But 
are they properly equivalent? This is not obvious. We will see below that the answer 
is sometimes yes (for 2x? + 2xy + 3y’) and sometimes no (for 3x? + 2xy + Sy’). 

There is a very nice relation between proper representations and proper equiva- 
lence: 


Lemma 2.3. A form f(x,y) properly represents an integer m if and only if f(x,y) is 
properly equivalent to the form mx? + Bxy + Cy’ for some B,C € Z. 


Proof. First, suppose that f(p,q) = m, where p and q are relatively prime. We can 
find integers r and s so that ps — gr = 1. If f(x,y) = ax” + bxy+cy’, then 


f(pxtry,qx+sy) = f(p,q)x* + (2apr + bps + brq + 2cqs)xy + f(r,s)y” 
= mx + Bry +Cy? 


is of the desired form. To prove the converse, note that mx” + Bxy + Cy? represents 
m properly by taking (x,y) = (1,0), and the lemma is proved. Q.E.D. 


We define the discriminant of ax* + bxy + cy* to be D = b* — 4ac. To see how 


this definition relates to equivalence, suppose that the forms f(x,y) and g(x,y) have 
discriminants D and D’ respectively, and that 


f(x,y) = g(px+qy,rxt+sy), — p,qyr,s EZ. 
Then a straightforward calculation shows that 
D = (ps—qr)’D! 


(see Exercise 2.3), so that the two forms have the same discriminant whenever ps — 
qr = +1. Thus equivalent forms have the same discriminant. 
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The sign of the discriminant D has a strong effect on the behavior of the form. If 
f(x,y) = ax? + bxy+ cy’, then we have the identity 


(2.4) 4af (x,y) = (2ax+ by)? — Dy’. 


If D > 0, then f(x,y) represents both positive and negative integers, and we cail 
the form indefinite, while if D < 0, then the form represents only positive integers 
or only negative ones, depending on the sign of a, and f(x,y) is accordingly called 
positive definite or negative definite (see Exercise 2.4). Note that all of these notions 
are invariant under equivalence. 

The discriminant D influences the form in one other way: since D = b* — 4ac, we 
have D = b* mod 4, and it follows that the middle coefficient b is even (resp. odd) if 
and only if D = 0 (resp. 1) mod 4. 

We have the following necessary and sufficient condition for a number m to be 
represented by a form of discriminant D: 


Lemma 2.5. Let D=0,1 mod 4 be an integer and m be an odd integer relatively 
prime to D. Then m is properly represented by a primitive form of discriminant D if 
and only if D is a quadratic residue modulo m. 


Proof. If f(x,y) properly represents m, then by Lemma 2.3, we may assume that 
f(x,y) = mx" + bxy+ cy’. Thus D = b? — 4mc, and D = b* mod m follows easily. 
Conversely, suppose that D = b* mod m. Since m is odd, we can assume that D 
and b have the same parity (replace b by b + m if necessary), and then D = 0, 1 mod 
4 implies that D = b? mod 4m. This means that D = b? — 4mc for some c. Then 
mx? + bxy + cy” represents m properly and has discriminant D, and the coefficients 
are relatively prime since m is relatively prime to D. Q.E.D. 


For our purposes, the most useful version of Lemma 2.5 will be the following 
corollary: 


Corollary 2.6. Let n be an integer and let p be an odd prime not dividing n. Then 
(—n/p) = 1 if and only if p is represented by a primitive form of discriminant —4n. 


Proof. This follows immediately from Lemma 2.5 since —4n is a quadratic residue 
modulo p if and only if (—4n/p) = (—n/p) = 1. QED. 


This corollary is relevant to the question raised in §1 when we tried to generalize 
the Descent Step of Euler’s strategy. Recall that we asked how to represent prime 
divisors of x? + ny, ged(x,y) = 1. Note that Corollary 2.6 gives a first answer to this 
question, for such primes satisfy (—n/p) = 1, and hence are represented by forms of 
discriminant —4n. The problem is that there are too many quadratic forms of a given 
discriminant. For example, if the proof of Lemma 2.5 is applied to (—3/13) = 1, then 
we see that 13 is represented by the form 13x* + 12xy+ 3y’ of discriminant — 12. This 
is not very enlightening. So to improve Corollary 2.6, we need to show that every 
form is equivalent to an especially simple one. Lagrange’s theory of reduced forms 
does this and a lot more. 
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So far, we’ve dealt with arbitrary quadratic forms, but from this point on, we will 
specialize to the positive definite case. These forms include the ones we’re most 
interested in (namely, x + ny” for n > 0), and their theory has a classical simplicity 
and elegance. In particular, there is an especially nice notion of reduced form. 

A primitive positive definite form ax” + bxy + cy’ is said to be reduced if 


(2.7) |b] <a<c, andb > Oif either |b] =a ora=c. 


(Note that a and c are positive since the form is positive definite.) The basic theorem 
is the following: 


Theorem 2.8. Every primitive positive definite form is properly equivalent to a 
unique reduced form. 


Proof. The first step is to show that a given form is properly equivalent to one sat- 
isfying |b] < a<c. Among all forms properly equivalent to the given one, pick 
f(x,y) = ax* + bxy + cy’ so that |b| is as small as possible. If a < |b|, then 


g(x,y) = f(xt+my,y) = ax’ + (2am+ b)xy+cly’ 


is properly equivalent to f(x,y) for any integer m. Since a < |b|, we can choose m 
so that |2am + b| < |b|, which contradicts our choice of f(x,y). Thus a > |b|, and 
c > |b| follows similarly. If a > c, we need to interchange the outer coefficients, 
which is accomplished by the proper equivalence (x,y) +> (—y,x). The resulting 
form satisfies |b] <a<c. 

The next step is to show that such a form is properly equivalent to a reduced one. 
By definition (2.7), the form is already reduced unless b < 0 anda = —bora=c. In 
these exceptional cases, ax” — bxy + cy’ is reduced, so that we need only show that 
the two forms ax’ + bxy + cy’ are properly equivalent. This is done as follows: 


a=—b: (x,y) (x+y,y) takes ax? —axy+cy’ to ax? +axy+cy’. 
a=c :(x,y)++(—y,x) takes ax? +bxy+ay* to ax’ —bxy+ay’. 


The final step in the proof is to show that different reduced forms cannot be prop- 
erly equivalent. This is the uniqueness part of the theorem. If f(x,y) = ax? + bxy+ 
cy’ satisfies |b| < a <c, then one easily shows that 


(2.9) f(x,y) = (a—|b| +.¢)min(2’,y’) 


(see Exercise 2.7). Thus f(x,y) > a—|b|-+c whenever xy 4 0, and it follows that a is 
the smallest nonzero value of f(x,y). Furthermore, if c > a, then c is the next smallest 
number represented properly by f(x,y), so that in this case the outer coefficients of a 
reduced form give the minimum values properly represented by any equivalent form. 
These observations are due to Legendre [74, Vol. I, pp. 77-78]. 

We now prove uniqueness. For simplicity, assume that f(x,y) = ax? + bxy+cy* 
is a reduced form that satisfies the strict inequalities |b] < a <c. Then 


(2.10) a<c<a-—|bl+c, 
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and by the above considerations, these are the three smallest numbers properly rep- 
resented by f(x,y). Using (2.9) and (2.10), it follows that 


f(x,y) =a, ged (x,y) =1 => (x,y) = +(1,0) 
f(x,y) =e, ged (x,y) =1 => (x,y) =+(0,1) 


(2.11) 


(see Exercise 2.8). Now let g(x,y) be a reduced form equivalent to f(x,y). Since 
these forms represent the same numbers and are reduced, they must have the same 
first coefficient a by Legendre’s observation. Now consider the third coefficient c’ 
of g(x,y). We know that a < c’ since g(x,y) is reduced. If equality occurred, then 
the equation g(x,y) = a would have four proper solutions +(1,0) and +(0, 1). Since 
f(x,y) is equivalent to g(x,y), this would contradict (2.11). Thus a < c’, and then 
Legendre’s observation shows that c = c’. Hence the outer coefficients of f(x,y) 
and g(x,y) are the same, and since they have the same discriminant, it follows that 
g(x,y) = ax? + bxy + cy’. 

It remains to show that f(x,y) = g(x,y) when we make the stronger assumption 
that the forms are properly equivalent. If we assume that 


g(x,y) =f(px+qy,rx+sy),  ps—qr=1, 


then a = g(1,0) = f(p,r) and c = g(0,1) = f(q,5) are proper representations. By 
(2.11), it follows that (p,r) = +(1,0) and (g,s) = +(0,1). Then ps — gr = 1 implies 
(24) =+(} 9), and f(x,y) = g(x,y) follows easily. 

When a = |b| or a = c, the above argument breaks down, because the values in 
(2.10) are no longer distinct. Nevertheless, one can still show that f(x,y) and g(x,y) 
reduce to ax? + bxy + cy’, and then the restriction b > 0 in definition (2.7) implies 
equality. (See Exercise 2.8, or for the complete details, Scharlau and Opolka [86, pp. 
36-38].) Q.E.D. 


Note that we can now answer our earlier question about equivalence versus proper 
equivalence. Namely, the forms 3x? + 2xy+ Sy” are clearly equivalent, but since they 
are both reduced, Theorem 2.8 implies that they are not properly equivalent. On the 
other hand, of 2x? + 2xy + 3y’, only 2x? + 2xy + 3y? is reduced (because a = |b]), and 
by the proof of Theorem 2.8, it is properly equivalent to 2x” — 2xy + 3y’. 

In order to complete the elementary theory of reduced forms, we need one more 
observation. Suppose that ax” + bxy + cy* is a reduced form of discriminant D < 0. 
Then b? < a* anda < cc, so that 


—D = 4ac —b’ > 4a* — a’ =3a* 
and thus 


(2.12) a< V(-D)/3. 


If D is fixed, then |b| < aand (2.12) imply that there are only finitely many choices 
for a and b. Since b* — 4ac = D, the same is true for c, so that there are only a 
finite number of reduced forms of discriminant D. Then Theorem 2.8 implies that 
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the number of proper equivalence classes is also finite. Following Gauss [41, §223}, 
we say that two forms are in the same class if they are properly equivalent. We 
will let h(D) denote the number of classes of primitive positive definite forms of 
discriminant D, which by Theorem 2.8 is just the number of reduced forms. We have 
thus proved the following theorem: 


Theorem 2.13. Let D < 0 be fixed. Then the number h(D) of classes of primitive 
positive definite forms of discriminant D is finite, and furthermore h(D) is equal to 
the number of reduced forms of discriminant D. Q.E.D. 


The above discussion shows that there is an algorithm for computing reduced 
forms and class numbers which, for small discriminants, is easily implemented on a 
computer (see Exercise 2.9). Here are some examples that will prove useful later on: 


Reduced Forms of Discriminant D 


—4 1 |2+y 
-8 1 | x2 +2y? 
—12]} 1 |2x#+3y 
(2.14) —20 | 2° | x7 +5y?,2x? + 2xy+4 3y? 
—28 1 | x2+7y? 
—56 | 4° | x24 14y?,2x247y, 3x?+2xy 4+ 5y" 
—108| 3) | x27427y?,4x?+2xy +79 
—256| 4 | x7 + 64y?,4x? + 4xyt 17y?, 5x?+2xy + 139 


Note, by the way, that x? + ny is always a reduced form! For a further discussion 
of the computational aspects of class numbers, see Buell [12] and Shanks [89] (the 
algorithm described in [89] makes nice use of the theory to be described in §3). 

This completes our discussion of positive definite forms. We should also mention 
that there is a corresponding theory for indefinite forms. Its roots reach back to Fer- 
mat and Euler (both considered special cases, such as x — 2y’), and Lagrange and 
Gauss each developed a general theory of such forms. There are notions of reduced 
form, class number, etc., but the uniqueness problem is much more complicated. 
As Gauss notes, “it can happen that many reduced forms are properly equivalent 
among themselves” [41, §184]. Determining exactly which reduced forms are prop- 
erly equivalent is not easy (see Lagrange [69, pp. 728-740] and Gauss [41, §§183- 
193]). There are also connections with continued fractions and Pell’s equation (see 
[41, §§183-—205]), so that the indefinite case has a very different flavor. Two modern 
references are Flath (36, Chapter IV] and Zagier [111, §§8, 13 and 14]. 


B. p= x*+ny? and Quadratic Forms 
We can now apply the theory of positive definite quadratic forms to solve some of the 


problems encountered in §1. We start by giving a complete solution of the Descent 
Step of Euler’s strategy: 
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Proposition 2.15. Let n be a positive integer and p be an odd prime not dividing n. 
Then (—n/p) = 1 if and only if p is represented by one of the h(—4n) reduced forms 
of discriminant —An. 


Proof. This follows immediately from Corollary 2.6 and Theorem 2.8. Q.E.D. 


In §1 we showed how quadratic reciprocity gives a general solution of the Reci- 
procity Step of Euler’s strategy. Having just solved the Descent Step, it makes 
sense to put the two together and see what we get. But rather than just treat the 
case of forms of discriminant —4n, we will state a result that applies to all nega- 
tive discriminants D < 0. Recall from Lemma 1.14 that there is a homomorphism 
x : (Z/DZ)* — {+1} such that x([p]) = (D/p) for odd primes not dividing D. Note 
that ker() C (Z/DZ)* is a subgroup of index 2. We then have the following general 
theorem: 


Theorem 2.16. Let D = 0,1 mod 4 be negative, and let y : (Z/DZ)* — {+1} be 
the homomorphism from Lemma 1.14. Then, for an odd prime p not dividing D, 
[p] € ker(x) if and only if p is represented by one of the h(D) reduced forms of 
discriminant D. 


Proof. The definition of x tells us that [p] € ker(y) if and only if (D/p) = 1. By 
Lemma 2.5, this last condition is equivalent to being represented by a primitive posi- 
tive definite form of discriminant D, and then we are done by Theorem 2.8. Q.E.D. 


The basic content of this theorem is that there is a congruence p = a,{,¥,... 
mod D which gives necessary and sufficient conditions for an odd prime p to be 
represented by a reduced form of discriminant D. This result is very computational, 
for we know how to find the reduced forms, and quadratic reciprocity makes it easy 
to find the congruence classes a, 3,y,... mod D such that (D/p) = 1. 

For an example of how Theorem 2.16 works, note that x? + y*, x + 2y? and 
x’ + 3y* are the only reduced forms of discriminants —4, —8 and —12 respectively 
(this is from (2.14)). Using quadratic reciprocity to find the congruence classes for 
which (—1/p), (—2/p) and (—3/p) equal 1, we get immediate proofs of Fermat’s 
three theorems (1.1) (see Exercise 2.11). This shows just how powerful a theory we 
have: Fermat’s theorems are now reduced to the status of an exercise. We can also 
go beyond Fermat, for notice that by (2.14), x + 7y? is the only reduced form of 
discriminant —28, and it follows easily that 


(2.17) p=xe+Ty? <> p=1,9,11,15,23,25 mod 28 


for primes p # 7 (see Exercise 2.11). Thus we have made significant progress in 
answering our basic question of when p = x? + ny. 

Unfortunately, this method for characterizing p = x* + ny” works only when 
h(—4n) = 1. In 1903, Landau proved a conjecture of Gauss that there are very few 
n’s with this property: 


Theorem 2.18. Let n be a positive integer. Then 


h(—4n) =1 => n=1,2,3,40r7. 
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Proof. We will follow Landau’s proof [70]. The basic idea is very simple: x? + ny” 
is a reduced form, and for n ¢ {1,2,3,4,7}, we will produce a second reduced form 
of the same discriminant, showing that h(—4n) > 1. We may assume n > 1. 

First suppose that n is not a prime power. Then 7 can be written n = ac, where 
1 <a<cand gcd(a,c) = 1 (see Exercise 2.12), and the form 


ax +cy’ 


is reduced of disciminant —4ac = —4n. Thus h(—4n) > 1 when n is not a prime 
power. 
Next suppose that n = 2”. If r > 4, then 


4x? + 4xyt (277? +4 1)y? 


has relatively prime coefficients and is reduced since 4 < 2’-? + 1. Furthermore, it 
has discriminant 4? — 4. 4(2’-? + 1) = —16-2"-? = —4n. Thus h(—4n) > 1 when 
n= 2", r> 4. One computes directly that h(—4-8) = 2 (see Exercise 2.12), which 
leaves us with the known cases n = 2 and 4. 

Finally, assume that n = p’, where p is an odd prime. If n+ 1 can be written 
n+1=ac, where 2 <a<_c and gced(a,c) = 1, then 


ax’+2xy+cy’ 


is reduced of discriminant 2? — 4ac = 4—4(n+ 1) = —4n. Thus h(—4n) > 1 when 
n+1 is not a prime power. But n = p’ is odd, so that n+ 1 is even, and hence it 
remains to consider the case n+ 1 = 2°. If s > 6, then 


8x? + 6xy + (25-3 + 1)y? 


has relatively prime coefficients and is reduced since 8 < 2-3 + 1. Furthermore, it 
has discriminant 6° — 4 -8(2°~3 + 1) = 4—4-25 =4—4(n+ 1) = —4n, and hence 
h(—4n) > 1 when s > 6. The cases s = 1,2,3,4 and 5 correspond to n = 1,3,7,15 
and 31 respectively. Now n = 15 is not a prime power, and one easily computes that 
h(—4-31) =3 (see Exercise 2.12). This leaves us with the three known cases n = 1,3 
and 7, and completes the proof of the theorem. Q.E.D. 


Note that we’ve already discussed the cases n = 1, 2, 3 and 7, and the case n = 4 
was omitted since p = x* + 4y’ is a trivial corollary of p = x? + y’ (p is odd, so that 
one of x or y must be even). One could also ask if there is a similar finite list of odd 
discriminants D < 0 with h(D) = 1. The answer is yes, but the proof is much more 
difficult. We will discuss this problem in §7 and give a proof in §12. 
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C. Elementary Genus Theory 


One consequence of Theorem 2.18 is that we need some new ideas to characterize 
p =x° +ny* when h(—4n) > 1. To get a sense of what’s involved, consider the 
example n = 5. Here, Theorem 2.16, quadratic reciprocity and (2.14) tell us that 


p=1,3,7,9 mod 20 <=> (=) =1 
(2.19) Dp 


<> part 5y? or 2x°-+2xy + 3y’. 


We need a method of separating reduced forms of the same discriminant, and this is 
where genus theory comes in. The basic idea is due to Lagrange, who, like us, used 
quadratic forms to prove conjectures of Fermat and Euler. But rather than working 
with reduced forms collectively, as we did in Theorem 2.16, Lagrange considers the 
congruence classes represented in (Z/DZ)* by a single form, and he groups together 
forms that represent the same classes. This turns out to be the basic idea of genus 
theory! 

Let’s work out some examples to see how this grouping works. When D = —20, 
one easily computes that 


x? + 5y? represents 1,9 in (Z/20Z)* 
(2.20) 
2x?+2xy+3y represents 3,7 in (Z/20Z)* 


while for D = —56 one has 


x?+ 14y?,2x24+7y* represent 1,9,15.23,25,39 in (Z/56Z)* 


2.21 

moe 3x? +2xy+5y? represent 3,5,13,19,27,45 in (Z/56Z)* 

(see Exercise 2.14—the reduced forms are taken from (2.14)). In his memoir on 
quadratic forms, Lagrange gives a systematic procedure for determining the congru- 
ence classes in (Z/DZ)* represented by a form of discriminant D [69, pp. 759-765], 
and he includes a table listing various reduced forms together with the corresponding 
congruence classes [69, pp. 766-767]. The examples in Lagrange’s table show that 
this is a very natural way to group forms of the same discriminant. 

In general, we say that two primitive positive definite forms of discriminant D are 
in the same genus if they represent the same values in (Z/DZ)*. Note that equivalent 
forms represent the same numbers and hence are in the same genus. In particular, 
each genus consists of a finite number of classes of forms. The above examples 
show that when D = —20, there are two genera, each consisting of a single class, and 
when D = —56, there are again two genera, but this time each genus consists of two 
classes. 

The real impact of this theory becomes clear when we combine it with Theo- 
rem 2.16. The basic idea is that genus theory refines our earlier correspondence be- 
tween congruence classes and representations by reduced forms. For example, when 
D = —20, (2.19) tells us that p = 1,3,7,9 mod 20 <== x? + 5y” or 2x” + 2xy + 3y’. 
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If we combine this with (2.20), we obtain 
p=x'4+5y <> p=1,9 mod 20 
p =2x°+2xy+3y <> p=3,7 mod 20 


when p #5 is odd. Note that the top line of (2.22) solves Euler’s conjecture (1.20) for 
when p = x? + Sy”! The thing that makes this work is that the two genera represent 
disjoint values in (Z/20Z)*. Looking at (2.21), we see that the same thing happens 
when D = —56, and then using Theorem 2.16 it is straightforward to prove that 
p=x+14y or2x°+7y? <— > p=1,9,15,23,25,39 mod 56 


p=3xrt2xy+5y <— > p =3,5,13,19,27,45 mod 56 


(2.22) 


(2.23) 


when p # 7 is odd (see Exercise 2.15). Note that the top line proves part of Euler’s 
conjecture (1.21) concerning x? + 14y’. 

In order to combine Theorem 2.16 and genus theory into a general theorem, we 
must show that the above examples reflect the general case. We first introduce some 
terminology. Given a negative integer D = 0,1 mod 4, the principal form is defined 
to be 


gee. D=0mod4 


Pty ty, D=1mod 4. 


It is easy to check that the principal form has discriminant D and is reduced (see 
Exercise 2.16). Note that when D = —4n, we get our friend x*+ny’. Using the 
principal form, we can characterize the congruence classes in (Z/DZ)* represented 
by a form of discriminant D: 


Lemma 2.24. Given a negative integer D =0,1 mod 4, let ker(y) C (Z/DZ)* be as 
in Theorem 2.16, and let f(x,y) be a form of discriminant D. 


(i) The values in (Z/DZ)* represented by the principal form of discriminant D 
form a subgroup H C ker(x). 


(ii) The values in (Z/DZ)* represented by f(x,y) form a coset of H in ker(x). 


Proof. We first show that if a number m is prime to D and is represented by a form of 
discriminant D, then [m] € ker(x). By Exercise 2.1, we can write m = dm’, where 
m’ is properly represented by f(x,y). Then x([m]) = x([d°m']) = x([d])?x([m']) = 
x([m’]). Thus we may assume that m is properly represented by f(x,y), and then 
Lemma 2.5 implies that D is a quadratic residue modulo m, i.e., D = b? — km for 
some b and k. When m is odd, the properties of the Jacobi symbol (see Lemma 1.14) 


imply that 
smn (2) (54) -(2)-(@)= 


and our claim is proved. The case when m is even is covered in Exercise 2.17. 
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We now turn to statements (i) and (ii) of the lemma. Concerning (i), the above 
paragraph shows that H C ker(y). When D = —4n, the identity (1.6) shows that H 
is closed under multiplication, and hence H is a subgroup. When D = | mod 4, the 
argument is slightly different: here, notice that 


1-D 
4 (?+o++3?y) = (2x+y)* mod D, 


which makes it easy to show that H is in fact the subgroup of squares in (Z/DZ)* 
(see Exercise 2.17). 
To prove (ii), we need the following observation of Gauss [41, §228]: 


Lemma 2.25. Given a form f(x,y) and an integer M, then f(x,y) properly repre- 
sents at least one number relatively prime to M. 


Proof. See Exercise 2.18. Q.E.D. 


Now suppose that D = —4n. If we apply Lemma 2.25 with M = 4n and then use 
Lemma 2.3, we may assume that f(x,y) = ax? + bxy + cy’, where a is prime to 4n. 
Since f(x,y) has discriminant —4n, b is even and can be written as 2b’, and then (2.4) 
implies that 

af (x,y) =(ax+b'y) +ny*. 


Since a is relatively prime to 4n, it follows that the values of f(x,y) in (Z/4nZ)* lie 
in the coset [a]~'H. Conversely, if [c] € [a]~'H, then ac = z? + nw? mod 4n for some 
zand w. Using the above identity, it is easy to solve the congruence f(x,y) = c mod 
An, and thus the coset [a]~'H consists exactly of the values represented in (Z/DZ)* 
by f(y). The case D = 1 mod 4 is similar (see Exercise 2.17), and Lemma 2.24 is 
proved. Q.E.D. 


Since distinct cosets of H are disjoint. Lemma 2.24 implies that different genera 
represent disjoint values in (Z/DZ)*. This allows us to describe genera by cosets H’ 
of H in ker(y). We define the genus of H’ to consist of all forms of discriminant D 
which represent the values of H’ modulo D. Then Lemma 2.24 immediately implies 
the following refinement of Theorem 2.16: 


Theorem 2.26. Assume that D =0,1 mod 4 is negative, and let H C ker(x) be as in 
Lemma 2.24. If H’ is a coset of H in ker(x) and p is an odd prime not dividing D. 
then |p| € H’ if and only if p is represented by a reduced form of discriminant D in 
the genus of H'. Q.E.D. 


This theorem is the main result of our elementary genus theory. It generalizes ex- 
amples (2.22) and (2.23), and it shows that there are always congruence conditions 
which characterize when a prime is represented by some form in a given genus. 

For us, the most interesting genus is the one containing the principal form, which 
following Gauss, we call the principal genus. When D = —4n, the principal form is 
x* +ny’, and since x* + ny* is congruent modulo 4n to x* or x? +n, depending on 
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whether y is even or odd, we get the following explicit congruence conditions for 
this case: 


Corollary 2.27. Let n be a positive integer and p an odd prime not dividing n. Then 
p is represented by a form of discriminant —4n in the principal genus if and only if 
for some integer 8, 


p=B or 6? +n mod 4n. QED. 


There is also a version of this for discriminants D = 1 mod 4—see Exercise 2.20. 

The nicest case of Corollary 2.27 is when the principal genus consists of a single 
class, for then we get congruence conditions that characterize p = x? + ny”. This is 
what happened when n = 5 (see (2.22)), and this isn’t the only case. For example, 
the table of reduced forms in Lagrange’s memoir [69, pp. 766-767] shows that the 
same thing happens for n = 6, 10, 13, 15, 21, 22 and 30—for each of these n’s, the 
principal genus consists of only one class (see Exercise 2.21). Corollary 2.27 then 
gives us the following theorems for primes p: 


p=x+6y <> p=1,7 mod 24 
p=x+10y? <> p=1,9,11,19 mod 40 
p=xr+13y <> p=1,9,17,25,29,49 mod 52 
(2.28) p=x+15y? — > p=1,19,31,49 mod 60 
p=xr42ly? <> p=1,25,37 mod 84 
pH=xr422y? —> p=1,9,15,23,25,31,47,49,71,81 mod 88 
p=x2+4+30y? <> p=1,31,49,79 mod 120. 


It should be clear that this is a powerful theory! A natural question to ask is how 
often does the principal genus consist of only one class, i.e., how many theorems 
like (2.28) do we get? We will explore this question in more detail in §3. 

The genus theory just discussed has been very successful, but it hasn’t solved all 
of the problems posed in §1. In particular, we have yet to prove Fermat’s conjecture 
concerning pg = x’ + 5y”, and we’ve only done parts of Euler’s conjectures (1.20) 
and (1.21) concerning x* + 5y* and x” + 14y*. To complete the proofs, we again turn 
to Lagrange for help. 

Let’s begin with x* + 5y*. We’ve already proved the part concerning when a prime 
pcan equal x* + 5y? (see (2.22)), but it remains to show that for primes p and q, we 
have 


(2.29) p,q =3,7 mod 20 => pq=x'+5y’ (Fermat) 
p =3,7 mod 20 => 2p=x°+5y’ (Euler). 


Lagrange’s argument [69, pp. 788-789] is as follows. He first notes that primes 
congruent to 3 or 7 modulo 20 can be written as 2x” + 2xy + 3y? (this is (2.22)), so 
that both parts of (2.29) can be proved by showing that the product of two numbers 
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represented by 2x” + 2xy + 3y’ is of the form x* + 5y’. He then states the identity 


(2.30) (2x?-+4+2xy + 3y*)(2z7-+22w + 3n”) 
= (2xz-+xw + yz+ 3yw)+5(xw — yz)? 


(see Exercise 2.22), and everything is proved! 
Turning to Euler’s conjecture (1.21) for x* + 14y’, we proved part of it in (2.23), 
but we still need to show that 


p = 3,5, 13,19,27,45 mod 56 <=> 3p =x° + Ly’. 


Using (2.23), it suffices to show that 3 times a number represented by 3x*+ 2xy + 
5y’, or more generally the product of any two such numbers, is of the form x* + 14y’. 
So what we need is another identity of the form (2.30), and in fact there is a version 
of (2.30) that holds for any form of discriminant —4n: 


(2.31) (ax? + 2bxy + cy’)(az’ + 2bew + cw’) 
= (axz+ bxw + byz+cyw)? +n(xw — yz)" 


(see Exercise 2.21). Applying this to 3x? + 2xy + 5y* and n = 14, we are done. 

We can also explain one other aspect of Euler’s conjectures (1.20) and (1.21), for 
recall that we wondered why (1.20) used 2p while (1.21) used 3p. The answer again 
involves the identities (2.30) and (2.31): they show that 2 (resp. 3) can be replaced 
by any value represented by 2x? + 2xy + 3y? (resp. 3x? + 2xy + Sy”). But Legendre’s 
observation from the proof of Theorem 2.8 shows that 2 (resp. 3) is the best choice 
because it’s the smallest nonzero value represented by the form in question. We will 
see below and in §3 that identities like (2.30) and (2.31) are special cases of the 
composition of quadratic forms. 

We now have complete proofs of Euler’s conjectures (1.20) and (1.21) for x + Sy” 
and x” + 14y*. Notice that we’ve used a lot of mathematics: quadratic reciprocity, 
reduced quadratic forms, genus theory and the composition of quadratic forms. This 
amply justifies the high estimate of Euler’s insight that was made in §1, and Lagrange 
is equally impressive for providing the proper tools to understand what lay behind 
Euler’s conjectures. 


D. Lagrange and Legendre 


We’ ve already described parts of Lagrange’s memoir “Recherches d’ Arithmétique,” 
but there are some further comments we’d like to add. First, although we credit 
Lagrange with the discovery of genus theory, it appears only implicitly in his work. 
The groupings that appear in his tables of reduced forms are striking, but Lagrange’s 
comments on genus theory are a different matter. On the page before the tables 
begin, Lagrange explains his grouping of forms as follows: “when two different 
[forms] give the same values of b [in (Z/4nZ)*], one combines these [forms] into 
the same case” [69, p. 765]. This is the sum total of what Lagrange says about genus 
theory! 
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After completing the basic theory of quadratic forms (both definite and indefinite), 
Lagrange gives some applications to number theory. To motivate his results, he turns 
to Fermat and Euler, and he quotes from two of our main sources of inspiration: 
Fermat’s 1658 letter to Digby and Euler’s 1744 paper on prime divisors of paa + 
qyy. Lagrange explicitly states Fermat’s results (1.1) on primes of the form x? + ny’, 
n= 1,2 or 3, and he notes Fermat’s speculation that pg = x* + 5y” whenever p and q 
are primes congruent to 3 or 7 modulo 20. Lagrange also mentions several of Euler’s 
conjectures, including (1.20), and he adds “one finds a very large number of similar 
theorems in Volume XIV of the old Commentaires de Pétersbourg [where Euler’s 
1744 paper appeared], but none of them have been demonstrated until now” [69, 
pp. 775-776]. 

The last section of Lagrange’s memoir is titled “Prime numbers of the form 
4nm + b which are at the same time of the form x* + ny’” (69, p. 775]. It’s clear 
that Lagrange wanted to prove Theorem 2.26, so that he could read off corollaries 
like (2.17), (2.22), (2.23) and (2.28). The problem is that these proofs depend on 
quadratic reciprocity, which Lagrange didn’t know in general—he could only prove 
some special cases. For example, he was able to determine (+2/p), (43/p) and 
(+5/p), but he had only partial results for (+7/p). Thus, he could prove all of 
(2.22) but only parts of the others (see [69, pp. 784-793] for the full list of his re- 
sults). To get the flavor of Lagrange’s arguments, the reader should see Exercise 2.23 
or Scharlau and Opolka [86, pp. 41-43]. At the end of the memoir, Lagrange sum- 
marizes what he could prove about quadratic reciprocity, stating his results in terms 


of Euler’s criterion 
ge Dee (5) mod p. 
Pp 


For example, for (2/p), Lagrange states [69, p. 794]: 
Thus, if p is a prime number of one of the forms 8n + 1, 2~)/? — 1 will be 
divisible by p, and if p is of the form 8n + 3,2~)/? + 1 will thus be divisible 
by p. 

We next turn to Legendre. In his 1785 memoir “Recherches d’ Analyse Indéter- 
minée” [75], the two major results are first, a necessary and sufficient criterion for 
the equation 

ax’ + by’ +cz’ =0, a,b,cEZ 


to have a nontrivial integral solution, and second, a proof of quadratic reciprocity. 
Legendre was influenced by Lagrange, but he replaces Lagrange’s “2(?—!)/2 — ] will 
be divisible by p” by the simpler phrase “2-1/2 = 1,” where, as he warns the 
reader, “one has thrown out the multiples of p in the first member” [75, p. 516]. He 
then goes on to state quadratic reciprocity in the following form [75, p. 517): 
c and d being two [odd] prime numbers, the expressions c¢~)/?, g—)/? do 
not have different signs except when c & d are both of the form 4n — 1; in all 
other cases, these expressions will always have the same sign. 


Except for the notation, this is a thoroughly modern statement of quadratic reci- 


procity. Legendre’s proof is a different matter, for it is quite incomplete. We won’t 
examine the proof in detail—this is done in Weil [106, pp. 328-330 and 344-345]. 
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Suffice it to say that some of the cases are proved rigorously (see Exercise 2.24), 
some depend on Dirichlet’s theorem on primes in arithmetic progressions, and some 
are a tangle of circular reasoning. 

In 1798 Legendre published a more ambitious work, the Essai sur la Théorie des 
Nombres. (The third edition [74], published 1830, was titled Théorie des Nombres, 
and all of our references will be to this edition.) Legendre must have been dissatisfied 
with the notation of the “Recherches”, for in the Essai he introduces the Legendre 
symbol (a/p). Then, in a section titled “Theorem containing a law of reciprocity 
which exists between two arbitrary prime numbers,” Legendre states that if n and m 
are distinct odd primes, then 


(2) =rrmrne(a 


(see [74, Vol. I, p. 230]}). This is where our notation and terminology for quadratic 
reciprocity come from. Unfortunately, the Essai repeats Legendre’s incomplete proof 
from 1785, although by the 1830 edition there had been enough criticism of this proof 
that Legendre added Gauss’ third proof of reciprocity as well as one communicated 
to him by Jacobi (still maintaining that his original proof was valid). 

The Essai also contains a treatment of quadratic forms. Like Lagrange, one of 
Legendre’s goals was to prove theorems in number theory using quadratic forms. 
The difference is that Legendre knows quadratic reciprocity (or at least he thinks 
he does), and this allows him to state a version of our main result, Theorem 2.26. 
Legendre calls it his “Théor€me General” [74, Vol. I, p. 299], and it goes as follows: 
if [a] is a congruence class lying in ker(), then 


every prime number comprised of the form 4nx +a... will consequently be 
given by one of the quadratic forms py’ + 2qyz+rz’ which correspond to the 
linear form 4nx + a. 


The terminology here is interesting. Euler and Lagrange would speak of numbers 
“of the form” 4nx +a or “of the form” ax* + bxy + cy’. As the above quote indicates, 
Legendre distinguished these two by calling them linear forms and quadratic forms 
respectively. This is where we get the term “quadratic form.” 

While Legendre’s “Théoréme” makes no explicit reference to genus theory, the 
context shows that it’s there implicitly. Namely, Legendre’s book has tables simi- 
lar to Lagrange’s, with the forms grouped according to the values they represent in 
(Z/DZ)*. Since the explanation of the tables immediately precedes the statement of 
the “Théoréme” [74, Vol. I, pp. 286-298], it’s clear that Legendre’s correspondence 
between linear forms and quadratic forms is exactly that given by Theorem 2.26. 

To Legendre, this theorem “is, without contradiction, one of the most general and 
most important in the theory of numbers” [74, Vol. I, p. 302]. Its main consequence 
is that every entry in his tables becomes a theorem, and Legendre gives several pages 
of explicit examples [74, Vol. I, pp. 305-307]. This is a big advance over what 
Lagrange could do, and Legendre notes that quadratic reciprocity was the key to his 
success [74, Vol. I, p. 307): 


Lagrange is the first who opened the way for the study of these sorts of theo- 
rems. ... But the methods which served the great geometer are not applicable ... 
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except in very few cases; and the difficulty in this regard could not be completely 
resolved without the aid of the law of reciprocity. 


Besides completing Lagrange’s program, Legendre also tried to understand some 
of the other ideas implicit in Lagrange’s memoir. We will discuss one of Legendre’s 
attempts that is particularly relevant to our purposes: his theory of composition. 
Legendre’s basic idea was to generalize the identity (2.30) 


(2x? + 2xy + 3y*)(22” + 2ew + 3w”) 
= (2xz-+-xw + yz t+ 3yw)? + 5(xw — yz)? 


used by Lagrange in proving the conjectures of Fermat and Euler concerning x? + 
5y*. We gave one generalization in (2.31), but Legendre saw that something more 
general was going on. More precisely, let f(x,y) and g(x, y) be forms of discriminant 
D. Then a form F(x, y) of the same discriminant is their composition provided that 


fs y)a(z,w) = F(B,(x,y;2z,w),By(x,y;z,w)) 


where 
B,(x,y32,w) = ajxz + bixw + ciyz + diyw, i=1,2 


are bilinear forms in x,y and z,w. Thus Lagrange’s identity shows that x” + 5y is 
the composition of 2x” + 2xy+ 3y? with itself. And this is not the only example 
we’ve seen—the reader can check that (1.3), (1.6) and (2.31) are also examples of 
the composition of forms. 

A useful consequence of composition is that whenever F(x,y) is composed of 
f(x,y) and g(x,y), then the product of numbers represented by f(x,y) and g(x,y) 
will be represented by F(x,y). This was the idea that enabled us to complete the 
conjectures of Fermat and Euler for x? + Sy and x? + 14y?. 

The basic question is whether any two forms of the same discriminant can be 
composed, and Legendre showed that the answer is yes [74, Vol. II, pp. 27-30]. 
For simplicitly, let’s discuss the case where the forms f(x,y) = ax? + 2bxy + cy’ 
and g(x,y) =a'x? + 2b'xy+c'y* have discriminant —4n, and a and a’ are relatively 
prime (we can always arrange the last condition by changing the forms by a proper 
equivalence). Then the Chinese Remainder Theorem shows that there is a number B 
such that 


B=+b moda 


2.32 
ee) B= +b' moda’. 


It follows that B? + n = b* + (ac — b*) = 0 mod a, so that a | B* +-n. The same holds 
for a’, and thus aa’ | B* +n. Then Legendre shows that the form 


B+n 4 
aa! - 


F(x,y) = aa'x? + 2Bxy + 


is the composition of f(x,y) and g(x,y). A modern account of Legendre’s argument 
may be found in Weil [106, pp. 332-335]), and we will consider this problem (from 
a slightly different point of view) in §3 when we discuss composition in more detail. 
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Because of the + signs in (2.32), two forms in general may be composed in four 
different ways. For example, the forms 14x? + LOxy + 21ly* and 9x* + 2xy + 30y* 
compose to the four forms 


126x? + 38xy + Sy’, 126x? + T4xy + 13y’, 


and it is easy to show that these forms all lie in different classes (see Exercise 2.26). 
Since Legendre used equivalence rather than proper equivalence, he sees two rather 
than four forms here—for him, this operation “leads in general to two solutions” [74, 
Vol. II, p. 28]. 

One of Legendre’s important ideas is that since every form is equivalent to a 
reduced one, it suffices to work out the compositions of reduced forms. The resulting 
table would then give the compositions of all possible forms of that discriminant. 
Let’s look at the case n = 41, which Legendre does in detail in [74, Vol. II, pp. 39- 
40]. He labels the reduced forms as follows: 


A=x+4ly* 
B=2x +2xy+2ly’ 
(2.33) C = 5x" + 4xy + 9y? 


D = 3x" + 2xy+4 14y’ 
E = 6x" + 2xy+Ty’. 


(Legendre writes the forms slightly differently, but it’s more convenient to work with 
reduced forms.) He then gives the following table of compositions: 


AA=A | BB=A | CC=AorB | DD=AorC | EE=AorC 
AB=B | BC=C | CD=DorE | DE=BorC 
(2.34) AC=C | BD=E | CE=DorE 
AD=D | BE=D 
AE=E 


This almost looks like the multiplication table for a group, but the binary operation 
isn’t single-valued. To the modern reader, it’s clear that Legendre must be doing 
something slightly wrong. 

One problem is that (2.33) lists 5 forms, while the class number is 8. (C, D and E 
each give two reduced forms, while A and B each give only one.) This is closely re- 
lated to the ambiguity in Legendre’s operation: as long as we work with equivalence 
rather than proper equivalence, we can’t fix the sign of the middle coefficient 2b of a 
reduced form, so that the + signs in (2.32) are forced upon us. 

This suggests that composition might give a group operation on the classes of 
forms of discriminant D. However, there remain serious problems to be solved. 
Composition, as defined above, is still a multiple-valued operation. Thus one has 
to show that the signs in (2.32) can be chosen uniformly so that as we vary f(x,y) 
and g(x,y) within their proper equivalance classes, the resulting compositions are all 
properly equivalent. Then one has to worry about associativity, inverses, etc. There’s 
a lot of work to be done! 
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This concludes our discussion of Lagrange and Legendre. While the last few 
pages have raised more questions than answers, the reader should still be convinced 
of the richness of the theory of quadratic forms. The surprising fact is that we have 
barely reached the really interesting part of the theory, for we have yet to consider 
the work of Gauss. 


E. Exercises 


2.1. If a form f(x,y) represents an integer m, show that m can be written m = d?m'’, 
where f(x,y) properly represents m’. 


2.2. In this exercise we study equivalence and proper equivalence. 


(a) Show that equivalence and proper equivalence are equivalence relations. 
(b) Show that improper equivalence is not an equivalence relation. 


(c) Show that equivalent forms represent the same numbers, and show that 
the same holds for proper representations. 


(d) Show that any form equivalent to a primitive form is itself primitive. 
Hint: use (c). 


2.3. Let f(x,y) and g(x,y) be forms of discriminants D and D’ respectively, and 
assume that there are integers p,q,r and s such that 


f(x,y) = (px +qy,rxt sy). 


Prove that D = (ps — gr)*D’. 
2.4. Let f(x,y) be a form of discriminant D # 0. 


(a) If D > 0, then use (2.4) to prove that f(x, y) represents both positive and 
negative numbers. 


(b) If D < 0, then show that f(x,y) represents only positive or only negative 
numbers, depending on the sign of the coefficient of x’. 


2.5. Formulate and prove a version of Corollary 2.6 which holds for arbitrary dis- 
criminants. 


2.6. Find a reduced form that is properly equivalent to 126x” + 74xy + 13y?. Hint: 
make the middle coefficient small—see the proof of Theorem 2.8. 


2.7. Prove (2.9) for forms that satisfy |b] <a<c. 
2.8. This exercise is concerned with the uniqueness part of Theorem 2.8. 


(a) Prove (2.11). 
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2.9. 


2.10. 


2.11. 


2.12. 


2.13. 


2.14, 
2.15. 
2.16. 
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(b) Prove a version of (2.11) that holds in the exceptional cases |b| = a or 
a =c, and use this to complete the uniqueness part of the proof of Theo- 
rem 2.8. 


Use a computer algebra system (such as Maple or Mathematica) to write a 
procedure that computes the class number and all reduced forms of a given 
discriminant D < 0. For example, one finds that h(—32767) = 52. If you 
don’t use a computer, then you should check the following examples by hand. 


(a) Verify the entries in table (2.14). 


(b) Compute all reduced forms of discriminants —3, —15, —24, —31 and 
—52. 


This exercise is concerned with indefinite forms of discriminant D > 0, D nota 
perfect square. The last condition implies that the outer coefficients of a form 
with discriminant D are nonzero. 


(a) Adapt the proof of Theorem 2.8 to show that any form of discriminant D 
is properly equivalent to ax? + bxy + cy’, where 


|b| < lal < |e|. 


(b) If ax* + bxy + cy’ satifies the above inequalities, prove that 


VD 


<—. 
ais 5 
(c) Conclude that there are only finitely many proper equivalence classes of 
forms of discriminant D. This proves that the class number h(D) is finite. 


Use Theorem 2.16, quadratic reciprocity and table (2.14) to prove Fermat’s 
three theorems (1.1) and the new result (2.17) for x” + 7y?. 


This exercise is concerned with the proof of Theorem 2.18. 


(a) If m > | is an integer which is not a prime power, prove that m can be 
written m = ac where 1 < a < c and ged(a,c) = 1. 


(b) Show that h(—32) = 2 and h(—124) = 3. 


Use Theorem 2.16, quadratic reciprocity and table (2.14) to prove (2.19), and 
work out similar results for discriminants —3, —15, —24, —31 and —52. 


Prove (2.20) and (2.21). Hint: use Lemma 2.24. 
Prove (2.23). 


Let D be a number congruent to 1 modulo 4, Show that the form x? + xy + 
((1 — D)/4)y? has discriminant D, and show that it is reduced when D < 0. 
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2.17. In this exercise, we will complete the proof of Lemma 2.24 for discriminants 
D=1 mod 4. Let x : (Z/DZ)* > {+1} be as in Lemma 1.14. 


(a) If an even number is properly represented by a form of discriminant D, 
then show that D = 1 mod 8. Hint: use Lemma 2.3. 


(b) If m is relatively prime to D and is represented by a form of discriminant 
D, then show that [m] € ker(x). Hint: use Lemma 2.5 and, when m is 
even, (a) and Exercise 1.12(c). 


(c) Let H Cc (Z/DZ)* be the subgroup of squares. Show that H consists of 
the values represented by x? + xy +((1—D)/4)y?. Hint: use 


1—D 
4 e t+ Py) = (2x+y)? mod D. 


(d) Let f(x,y) be a form of discriminant D. Show that the values in (Z/DZ)* 
represented by f(x,y) form a coset of H in ker(x). Hint: use (2.4). 


2.18. Let f(x,y) = ax” + bxy + cy”, where as usual we assume gced(a,b,c) = 1. 


(a) Given a prime p, prove that at least one of f(1,0), f(0,1) and f(1, 1) is 
relatively prime to p. 


(b) Prove Lemma 2.25. Hint: use (a) and the Chinese Remainder Theorem. 


2.19. Work out the genus theory of Theorem 2.26 for discriminants —15, —24, —31 


and —52. Your answers should be similar to (2.22) and (2.23). 


. 


2.20. Formulate and prove a version of Corollary 2.27 for negative discriminants 
D= 1 mod 4. Hint: by Exercise 2.17(c), H is the subgroup of squares. 


2.21. Prove (2.28). Hint: for each n, find the reduced forms and use Lemma 2.24. 
2.22. Prove (2.30) and its generalization (2.31). 


2.23. The goal of this exercise is to prove that (—2/p) = 1 when p = 1,3 mod 8. The 
argument below is due to Lagrange, and is similar to the one used by Euler in 
his proof of the Reciprocity Step for x? + 2y? (33, Vol. II, pp. 240-281]. 


(a) When p = 1 mod 8, write p = 8k + 1, and then use the identity 
xk] = (ot - 1)? + 2x**) (x* —-1) 


to show that (—2/p) = 1. 


(b) When p = 3 mod 8, assume that (—2/p) = —1. Show that (2/p) = 1, 
and thus by Corollary 2.6, p is represented by a form of discriminant 8. 


(c) Use Exercise 2.10(a) to show that any form of discriminant 8 is properly 
equivalent to +(x” — 2y). 
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2.24. 


2.25. 


2.26. 


2.27. 
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(d) Show that an odd prime p = +(x* — 2y’) is congruent to +1 modulo 8. 
From (a)-(d), it follows easily that (—2/p) = 1 when p = 1,3 mod 8. 


One of the main theorems in Legendre’s 1785 memoir [74, pp. 509-513] states 
that the equation 
ax’ + by’+cz* = 0, 


where abc is squarefree, has a nontrivial integral solution if and only if 


(i) a,b and c are not all of the same sign, and 


(ii) —bce, —ac and —ab are quadratic residues modulo |a], |b| and |c| respec- 
tively. 


As we’ve already noted, Legendre tried to use this result to prove quadratic 
reciprocity. In this problem, we will treat one of the cases where he succeeded. 
Let p and q be primes which satisfy p = 1 mod 4 and q = 3 mod 4, and assume 
that (p/q) = —1 and (q/p) = 1. We will derive a contradiction as follows: 


(a) Use Legendre’s theorem to show that x? + py? — qz* = 0 has a nontrivial 
integral solution. 

(b) Working modulo 4, show that x? + py* — gz” = 0 has no nontrivial integral 
solutions. 


In [106, pp. 339-345], Weil explains why this argument works. 


The opposite of the form ax*+bxy + cy is the form ax?—bxy + cy’. Prove that 
two forms are properly equivalent if and only if their opposites are. 


Verify that 14x? + 10xy+21y* and 9x” + 2xy + 30y? compose to the four forms 
126x? + 74xy + 13y* and 126x* + 38xy + Sy”, and show that they all lie in 
different classes. Hint: use Exercises 2.6 and 2.25. 


Let p be a prime number which is represented by forms f(x,y) and g(x,y) of 
the same discriminant. 


(a) Show that f(x,y) and g(x,y) are equivalent. Hint: use Lemma 2.3, and 
examine the middle coefficient modulo p. 


(b) If f(x,y) = x*+ny’, and g(x,y) is reduced, then show that f(x,y) and 
g(x,y) are equal. 


§3. GAUSS, COMPOSITION AND GENERA 


While genus theory and composition were implicit in Lagrange’s work, these con- 
cepts are still primarily linked to Gauss, and for good reason: he may not have been 
the first to use them, but he was the first to understand their astonishing depth and 
interconnection. In this section we will prove Gauss’ major results on composition 
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and genus theory for the special case of positive definite forms. We will then apply 
this theory to our question concerning primes of the form x* + ny’, and we will also 
discuss Euler’s convenient numbers. These turn out to be those n’s for which each 
genus consists of a single class, and it is still not known exactly how many there are. 
The section will end with a discussion of Gauss’ Disquisitiones Arithmeticae. 


A. Composition and the Class Group 


The basic definition of composition was given in §2: if f(x,y) and g(x,y) are prim- 
itive positive definite forms of discriminant D, then a form F (x,y) of the same type 
is their composition provided that 


f(x, y)g(z,w) = F(Bi(x,y;z,w), Bo(x,y;z,)), 
where 
B,(x,y;z,W) = aixz+ bixw + cxyzt+dyw, i=1,2 


are integral bilinear forms. Two forms can be composed in many different ways, and 
the resulting forms need not be properly equivalent. In §2 we gave an example of two 
forms whose compositions lay in four distinct classes. So if we want a well-defined 
operation on classes of forms, we must somehow restrict the notion of composition. 
Gauss does this as follows: given the above composition data, he proves that 


(3.1) aby —apb} =+f(1,0), ayer — anc, = +8(1,0) 


(see [41, §235] or Exercise 3.1), and then he defines the composition to be a direct 
composition provided that both of the signs in (3.1) are +. 

The main result of Gauss’ theory of composition is that for a fixed discriminant, 
direct composition makes the set of classes of forms into a finite Abelian group [41, 
§§236-240, 245 and 249]. Unfortunately, direct composition is an awkward concept 
to work with, and Gauss’ proof of the group structure is long and complicated. So 
rather than follow Gauss, we will take a different approach to the study of compo- 
sition. The basic idea is due to Dirichlet [28, Supplement X}, though his treatment 
was clearly influenced by Legendre. Before giving Dirichlet’s definition, we will 
need the following lemma: 


Lemma 3.2. Assume that f(x,y) = ax* + bxy+cy? and g(x,y) = a'x? +b'xy+c'y* 
have discriminant D and satisfy gcd(a,a’',(b +b’) /2) = 1 (since b and b’ have the 
same parity, (b+ b’)/2 is an integer). Then there is a unique integer B modulo 2aa’ 
such that 


B = bmod 2a 
B = b' mod 2a’ 
B? = D mod 4aa’. 


Proof. The first step is to put these congruences into a standard form. If a number B 
satisfies the first two, then 
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B’ — (b+ b')B + bb’ = (B—b)(B—b’) =0 mod 4aa’, 
so that the third congruence can be written as 
(b+ b')B = bb’ + D mod 4aa’. 
Dividing by 2, this becomes 
(3.3) (b+b’)/2-B = (bb’ + D)/2 mod 2aa’. 


If we multiply the first two congruences of the lemma by a’ and a respectively and 
combine them with (3.3), we see that the three congruences in the statement of the 
lemma are equivalent to 

a’-B = a'b mod 2aad’ 
(3.4) a-B = ab’ mod 2aa’ 

(b+ b’)/2-B = (bb' + D)/2 mod 2aa’. 

The following lemma tells us about the solvability of these congruences: 
Lemma 3.5. Let p,q1,.--;Pr;dr,m be numbers with gcd(p1,...,pr,m) = 1. Then 


the congruences 


piB = qi mod m, i=1,...,r 


have a unique solution modulo m if and only if for alli, j =1,...,r we have 
(3.6) Pid; = Pjgi mod m. 
Proof. See Exercise 3.3. Q.E.D. 


Since we are assuming gcd(a, a’, (b+b’)/2) = 1, the congruences (3.4) satisfy the 
ged condition of the above lemma, and the compatibility conditions (3.6) are easy 
to verify (see Exercise 3.4). The existence and uniqueness of the desired B follow 
immediately. Q.E.D. 


We now give Dirichlet’s definition of composition. Let f(x,y) = ax? + bxy+ cy’ 
and g(x,y) = a’x? + b'xy + c’y’ be primitive positive definite forms of discriminant 
D <0 which satisfy gcd(a,a’,(b +b')/2) = 1. Then the Dirichlet composition of 
f(x,y) and g(x,y) is the form 


, B’—D 2 
(3.7) F (x,y) = aa'x* + Bry + —;y’; 
4aa 


where B is the integer determined by Lemma 3.2. The basic properties of F (x,y) are: 


Proposition 3.8. Let f(x,y) and g(x,y) be as above. Then the Dirichlet composition 
F (x,y) defined in (3.7) is a primitive positive definite form of discriminant D, and 
F (x,y) is the direct composition of f(x,y) and g(x,y) in the sense of (3.1). 
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Proof. An easy calculation shows that F(x,y) has discriminant D, and the form is 
consequently positive definite. 

The next step is to prove that F(x,y) is the composition of f(x,y) and g(x,y). 
We will sketch here the argument and leave the details to the reader. To begin, let 
C = (B* — D)/4aa’, so that F (x,y) = aa'x* + Bxy + Cy’. Then, using the first two 
congruences of Lemma 3.2, it is easy to prove that f(x,y) and g(x,y) are properly 
equivalent to the forms ax” + Bxy + a’Cy* and a’x? + Bxy + aCy’ respectively. How- 
ever, for these last two forms one has the composition identity 


(ax* + Bry +a'Cy*)(a'2 + Bew + aCw’) = aa’X? + BXY +CY’, 


where X = xz—Cyw and Y = axw+a'yz+ Byw. It follows easily that F (x,y) is the 
composition of f(x,y) and g(x,y). With a little more effort, it can be checked that 
this is a direct composition in Gauss’ sense (3.1). The details of these arguments are 
covered in Exercise 3.5. 

It remains to show that F(x, y) is primitive, i.e., that its coefficients are relatively 
prime. Suppose that some prime p divided all of the coefficients. This would imply 
that p divided all numbers represented by F (x,y). Since F (x,y) is the composition of 
f(x,y) and g(x,y), this implies that p divides all numbers of the form f(x,y)g(z, w). 
But f(x,y) and g(x,y) are primitive, so that by Lemma 2.25, they represent numbers 
relatively prime to p. Hence f(x,y)g(z,w) also represents a number relatively prime 
to p. This contradiction completes the proof of the proposition. Q.E.D. 


While Dirichlet composition is not as general as direct composition (not all direct 
compositions satisfy gcd(a,a’,(b+b/)/2) = 1), it is easier to use in practice since 
there is an explicit formula (3.7) for the composition. Notice also that the congruence 
conditions in Lemma 3.2 are similar to the ones (2.32) used by Legendre. This is no 
accident, for when D = —4n and gcd(a,a’) = 1, Dirichlet’s formula reduces exactly 
to the one given by Legendre (see Exercise 3.6). 

We can now state our main result on composition: 


Theorem 3.9. Let D = 0,1 mod 4 be negative, and let C(D) be the set of classes 
of primitive positive definite forms of discriminant D. Then Dirichlet composition 
induces a well-defined binary operation on C(D) which makes C(D) into a finite 
Abelian group whose order is the class number h(D). 

Furthermore, the identity element of C(D) is the class containing the principal 
form 


D 
iar ed if D=0 mod 4 
1-—D 
x 4+xyt =a if D=1 mod 4, 


and the inverse of the class containing the form ax* + bxy+ cy’ is the class containing 
ax’ — bxy + cy’. 


Remarks. Some terminology is in order here. 
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(i) The group C(D) is called the class group, though we will sometimes refer to 
C(D) as the form class group to distinguish it from the ideal class group to be 
defined later. 


(ii) The principal form of discriminant D was introduced in §2. The class it lies in 
is called the principal class. When D = —4n, the principal form is x? + ny’. 


(iii) The form ax” — bxy + cy’ is called the opposite of ax? + bxy + cy’, so that the 
opposite form gives the inverse under Dirichlet composition. 


Proof. Let f(x,y) = ax” + bxy + cy’ and g(x,y) be forms of the given type. Using 
Lemmas 2.3 and 2.25, we can replace g(x,y) by a properly equivalent form a’x? + 
b'xy + c'y? where gcd(a,a’) = 1. Then the Dirichlet composition of these forms is 
defined, which proves that Dirichlet composition is defined for any pair of classes in 
C(D). To get a group structure out of this, we must then prove that: 


(i) This operation is well-defined on the level of classes, and 
(ii) The induced binary operation makes C(D) into an Abelian group. 


The proofs of (i) and (ii) can be done directly using the definition of Dirichlet com- 
position (see Dirichlet [28, Supplement X] or Flath [36, §V.2]), but the argument is 
much easier using ideal class groups (to be studied in §7). We will therefore post- 
pone this part of the proof until then. For now, we will assume that (i) and (ii) are 
true. 

Let’s next show that the principal class is the identity element of C(D). To com- 
pose the principal form with f(x,y) = ax? + bxy + cy’, first note that the ged condi- 
tion is clearly met, and thus the Dirichlet composition is defined. Then observe that 
B = b satisfies the conditions of Lemma 3.2, so that by formula (3.7), the Dirichlet 
composition F (x,y) reduces to the given form f(x,y). This proves that the principal 
class is the identity. 

Finally, given f(x,y) = ax’ + bxy + cy’, its opposite is f’(x,y) = ax” — bxy + cy’. 
Since gcd(a,a, (b+ (—b))/2) =a may be > 1, we can’t apply Dirichlet composition 
directly. But if we use the proper equivalence (x,y) > (—y,x), then we can replace 
f' (x,y) by g(x,y) = cx? + bxy+ ay’. Since gced(a,c,(b+b)/2) = gced(a,c,b) = 1, 
we can apply Dirichlet’s formulas to f(x,y) and g(x,y). One checks easily that 
B= b satisfies the conditions of Lemma 3.2, so that the Dirichlet composition is 
acx? + bxy + y’. We leave it to the reader to show that this form is properly equivalent 
to the principal form (see Exercise 3.7). This completes the proof of the theorem. 

Q.E.D. 


We can now complete the discussion (begun in §2) of Legendre’s theory of com- 
position. To prevent confusion, we will distinguish between a class (all forms prop- 
erly equivalent to a given form) and a Lagrangian class (all forms equivalent to a 
given one). In Theorem 3.9, we studied the composition of classes, while Legendre 
was concerned with the composition of Lagrangian classes. It is an easy exercise to 
show that the Lagrangian class of a form is the union of its class and the class of its 
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opposite (see Exercise 3.8). Theorem 3.9 implies that a Lagrangian class is the union 
of a class and its inverse in the class group C(D). Thus Legendre’s “operation” is 
the multiple-valued operation that multiplication induces on the set C(D)/~, where 
~ is the equivalence relation that identifies x € C(D) with x—! (see Exercise 3.9). 
In Legendre’s example (2.33), which dealt with forms of discriminant —164, we 
will see shortly that C(—164) ~ Z/82Z, and it is then an easy exercise to show that 
C(—164)/~ is isomorphic to the structure given in (2.34) (see Exercise 3.9). 

Elements of order < 2 in the class group C(D) play a special role in composition 
and genus theory. The reduced forms that lie in such classes are easy to find: 


Lemma 3.10. A reduced form f(x,y) = ax” + bxy + cy’ of discriminant D has order 
< 2 in the class group C(D) if and only ifb =0, a=bora=c. 


Proof. Let f(x,y) be the opposite of f(x,y). By Theorem 3.9, the class of f(x,y) 
has order < 2 if and only if the forms f(x,y) and f’(x,y) are properly equivalent. 
There are two cases to consider: 


|b| <a<c: Here, f’(x,y) is also reduced, so that by Theorem 2.8, 
the two forms are properly equivalent <> b= 0. 
a=bora=c: In these cases, the proof of Theorem 2.8 shows that 


the two forms are always properly equivalent. 
The lemma now follows immediately. Q.E.D. 


For an example of how this works, consider Legendre’s example from §2 of forms 
of discriminant — 164. The reduced forms are listed in (2.33), and Lemma 3.10 shows 
that only 2x” + 2xy + 21y’ has order 2. Since the class number is 8, the structure 
theorem for finite Abelian groups shows that the class group C(— 164) must be Z/8Z. 

A surprising fact is that one doesn’t need to list the reduced forms in order to 
determine the number of elements of order 2 in the class group: 


Proposition 3.11. Let D =0,1 mod 4 be negative, and let r be the number of odd 
primes dividing D. Define the number as follows: if D = 1 mod 4, then p = r, and 
if D=0 mod 4, then D = —4n, where n > 0, and yp is determined by the following 
table: 


n=3mod4 

n=1,2 mod4 r+1 
n=4mod8 r+l1 
n=O0mod 8 r+2 


Then the class group C(D) has exactly 2#~! elements of order < 2. 


Proof. For simplicity, we will treat only the case D = —4n where n = 1 mod 4. Recall 
that a form of discriminant —4n may be written as ax? + 2bxy+ cy’. The basic idea 
of the proof is to count the number of reduced forms that satisfy 2b = 0,a = 2b or 


48 §3. GAUSS, COMPOSITION AND GENERA 


a=c, for by Lemma 3.10, this gives the number of classes of order < 2 in C(—4n). 
Since n is odd, note that r is the number of prime divisors of n. 

First, consider forms with 2b = 0, i.e., the forms ax? + cy’, where ac = n. Since a 
and c must be relatively prime and positive, there are 2” choices for a. To be reduced, 
we must also have a < c, so that we get 2”! reduced forms of this type. 

Next consider forms with a = 2b or a= cc. Write n = bk, where b and k are 
relatively prime and 0 < b < k. As above, there are 2’~! such b’s. Set c = (b+ k)/2, 
and consider the form 2bx? + 2bxy + cy”. One computes that it has discriminant —4n, 
and since n = | mod 4, its coefficients are relatively prime. We then get 2”—! reduced 
forms as follows: 


2b < c: Here, 2bx? + 2bxy + cy’ is a reduced form. 


2b > c: Here, 2bx? + 2bxy + cy’ is properly equivalent to 
cx? + 2(c — b)xy + cy? via (x,y) 4 (—y,x+y). 
Since 2b > c => 2(c —b) <c, the latter is reduced. 


The next step is to check that this process gives all reduced forms with a = 2b or 
a=c. We leave this to the reader (see Exercise 3.10). 

We thus have 2"~! + 2’-! = 2” elements of order < 2, which shows that b= 
r+ 1 in this case. The remaining cases are similar and are left to the reader (see 
Exercise 3.10, Flath [36, §V.5], Gauss [41, §257-258] or Mathews [78, pp. 171- 
173]). Q.E.D. 


This is not the last we will see of the number j, for it also plays an important role 
in genus theory. 


B. Genus Theory 


As in §2, we define two forms of discriminant D to be in the same genus if they 
represent the same values in (Z/DZ)*. Let’s recall the classification of genera given 
in §2. Consider the subgroups H C ker(y) € (Z/DZ)*, where H consists of the 
values represented by the principal form, and x : (Z/DZ)* —>+ {+1} is defined by 
x([p]) = (D/p) for p+ D prime. Then the key result was Lemma 2.24, where we 
proved that the values represented in (Z/DZ)* by a given form f(x,y) are a coset of 
H in ker(x). This coset determines which genus f(x,y) is in. 

Our first step is to relate this theory to the class group C(D). Since all forms in a 
given class represent the same numbers, sending the class to the coset of H C ker(x) 
it represents defines a map 


(3.12) ® :C(D) — ker(x)/H. 


Note that a given fiber ®~'(H"’), H’ € ker(x)/H, consists of all classes in a given 
genus (this is what we called the genus of H’ in Theorem 2.26), and the image of 
® may thus be identified with the set of genera. A crucial observation is that ® is a 
group homomorphism: 
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Lemma 3.13. The map ® which maps a class in C(D) to the coset of values repre- 
sented in ker(y)/H is a group homomorphism. 


Proof. Let f(x,y) and g(x,y) be two forms of discriminant D taking values in the 
cosets H’ and H” respectively. We can assume that their Dirichlet composition 
F (x,y) is defined, so that a product of values represented by f(x,y) and g(x,y) is 
represented by F (x,y). Then F(x,y) represents values in H’H”, which proves that 
H'H" is the coset associated to the composition of f(x,y) and g(x,y). Thus ® is a 
homomorphism. Q.E.D. 


This lemma has the following consequences: 
Corollary 3.14. Let D=0,1 mod 4 be negative. Then: 


(i) All genera of forms of discriminant D consist of the same number of classes. 


(ii) The number of genera of forms of discriminant D is a power of two. 


Proof. The first statement follows since all fibers of a homomorphism have the same 
number of elements. To prove the second, first note that the subgroup H contains all 
squares in (Z/DZ)*. This is obvious because if f(x,y) is the principal form, then 
f(x,0) = x?. Thus every element in ker(x)/H has order < 2, and it follows from 
the structure theorem for finite Abelian groups that ker(y)/H ~ {+1}” for some m. 
Thus the image of ©, being a subgroup of ker(x)/H, has order 2‘ for some k. Since 
®(C(D)) tells us the number of genera, we are done. Q.E.D. 


Note also that 6(C(D)) gives a natural group structure on the set of genera, or as 
Gauss would say, one can define the composition of genera [41, §§246-247]. 

These elementary facts are nice, but they aren’t the whole story. The real depth of 
the relation between composition and genera is indicated by the following theorem: 


Theorem 3.15. Let D=0,1 mod 4 be negative. Then: 


(i) There are 2#~' genera of forms of discriminant D, where ys is the number 
defined in Proposition 3.11. 


(ii) The principal genus (the genus containing the principal form) consists of the 
classes in C(D)?, the subgroup of squares in the class group C(D). Thus every 
form in the principal genus arises by duplication. 

Proof. We first need to give a more efficient method for determining when two forms 
are in the same genus. The basic idea is to use certain assigned characters, which 
are defined as follows. Let pi,...,p, be the distinct odd primes dividing D. Then 
consider the functions: 


xi(a) = (=) defined for a prime to p;, i= 1,...,r 
i 


(a) = (- 
Hija 


pee defined for a odd 
(a) = ( eve defined for a odd. 
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Rather than using all of these functions, we assign only certain ones, depending on 
the discriminant D. When D = 1 mod 4, we define y1,..., x, to be the assigned char- 
acters, and when D = 0 mod 4, we write D = —4n, and then the assigned characters 
are defined by the following table: 


n assigned characters 
n=3mod4 X15-009Xr 
n=1mod4 Xiyee+s Xr 6 
n=2mod8 X1y 000) Xr) O€ 
n=6mod 8 X15--+)Xry€ 
n=4mod8 Xty-+2y X18 
n=O0mod8 Xpye2)X ry O,€ 


Note that the number of assigned characters is exactly the number yu given in Propo- 
sition 3.11. It is easy to see that the assigned characters give a homomorphism 


(3.16) W : (Z/DZ)* — {+1}*. 
The crucial property of V is the following: 


Lemma 3.17. The homomorphism W : (Z/DZ)* —+ {+1} of (3.16) is surjective 
and its kernel is the subgroup H of values represented by the principal form. Thus ¥ 


induces an isomorphism 
(Z/DZ)* /H —> {+1}*. 


Proof. When D = 1 mod 4, the proof is quite easy. First note that if p is an odd prime, 
then for any m > 1, the Legendre symbol (a/p) induces a surjective homomorphism 


(3.18) (-/p) : (Z/p"Z)* — {+1} 


whose kernel is exactly the subgroup of squares of (Z/p”Z)* (see Exercise 3.11). 
Now let D = —[]jL., p;” be the prime factorization of D. The Chinese Remainder 
Theorem tells us that 


(Z/DZ)* = TI Z/pmZ 


so that the map YW can be interpreted as the map 


Lu 


[[(2/p"2)* — {+1} 


i=] 


given by ((a)],...,[@u]) 4 ((a1/p1),---,(@u/py)). By the analysis of (3.18), it fol- 
lows that © is surjective and its kernel is exactly the subgroup of squares of (Z/DZ)*. 
By part (c) of Exercise 2.17, this equals the subgroup H of values represented by the 
principal form x” + xy + ((1 —D)/4)y?, and we are done. 

The proof is more complicated when D = —4n, mainly because the subgroup H 
represented by x + ny” may be slightly larger than the subgroup of squares. How- 
ever, the above argument using the Chinese Remainder Theorem can be adapted to 
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this case. The odd primes dividing n are no problem, but 2 causes considerable 
difficulty (see Exercise 3.11 for the details). Q.E.D. 


We can now prove Theorem 3.15. To prove (i), note that ker() has index 2 in 
(Z/DZ)*. By Lemma 3.17, it follows that ker(x)/H has order 2“—'. We know that 
the number of genera is the order of ®(C(D)) C ker(x)/H, so that it suffices to show 
®(C(D)) = ker(x)/H. Since ® maps a class to the coset of values it represents, we 
need to show that every congruence class in ker() contains a number represented by 
a form of discriminant D. This is easy: Dirichlet’s theorem on primes in arithmetic 
progressions tells us that any class in ker(x) contains an odd prime p. But [p] € 
ker(x) means that y([p]) = (D/p) = 1, so that by Lemma 2.5, p is represented by a 
form of discriminant D, and (i) is proved. 

To prove (ii), let C denote the class group C(D). Since ®: C > ker(x)/ H = 
{+1}#7! is a homomorphism, it follows that C? C ker(®), and we get an induced 
map 


(3.19) c/c? — {41}471. 


We compute the order of C/C? as follows. The squaring map from C to itself gives 
a short exact sequence 


03-G7C3C? 50 


where Cp is the subgroup of C of elements of order < 2. It follows that the index 
[C : C?] equals the order of Co, which is 24~' by Proposition 3.11. 

Thus, in the map given in (3.19), both the domain and the range have the same 
order. But from (i) we know that the map is surjective, so that it must be an isomor- 
phism. Hence C? is exactly the kernel of the map ®. Since ker(®) consists of the 
classes in the principal genus, the theorem is proved. Q.E.D. 


We have now proved the main theorems of genus theory for primitive positive 
definite forms. These results are due to Gauss and appear in the fifth section of Dis- 
quisitiones Arithmeticae [41, §§229-287]. Gauss’ treatment is more general than 
ours, for he considers both the definite and indefinite forms, and in particular, he 
shows that Proposition 3.11 and Theorem 3.15 are true for any nonsquare discrimi- 
nant, positive or negative. His proofs are quite difficult, and at the end of this long 
series of arguments, Gauss makes the following comment about genus theory [41, 


§287]: 
these theorems are among the most beautiful in the theory of binary forms, 
especially because, despite their extreme simplicity, they are so profound that a 
rigorous demonstration requires the help of many other investigations. 


Besides these theorems, there is another component to Gauss’ genus theory not men- 
tioned so far: Gauss’ second proof of quadratic reciprocity [41, §262], which uses 
the genus theory developed above. We will not discuss Gauss’ proof since it uses 
forms of positive discriminant, though the main ideas of the proof are outlined in 
Exercises 3.12 and 3.13. Many people regard this as the deepest of Gauss’ many 
proofs of quadratic reciprocity. 
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Gauss’ approach to genus theory is somewhat different from ours. In Disquisi- 
tiones, genera are defined in terms of the assigned characters introduced in the proof 
of Theorem 3.15. Given a form f(x,y) of discriminant D, let f(x,y) represent a 
number a relatively prime to D. If the jz: assigned characters are evaluated at a, then 
Gauss calls the resulting js-tuple the complete character of f(x,y), and he defines 
two forms of discriminant D to be in the same genus if they have the same com- 
plete character [41, §231]. The following lemma shows that this is equivalent to our 
previous definition of genus: 


Lemma 3.20. The complete character depends only on the form f(x,y), and two 
forms of discriminant D lie in the same genus (as defined in §2) if and only if they 
have the same complete character. 


Proof. Suppose that f(x,y) represents a, where a is relatively prime to D. Then 
Gauss’ complete character is nothing other than U([a]), where W is the map defined 
in (3.16). By Lemma 2.24, the possible a’s lie in a coset H’of H in (Z/DZ)*, and this 
coset determines the genus of f(x,y). Using Lemma 3.17, it follows that the com- 
plete character is uniquely determined by H’, and Lemma 3.20 is proved. Q.E.D. 


We should mention that Gauss’ use of the word “character” is where the modern 
term “group character” comes from. Also, it is interesting to note that Gauss never 
mentions the connection between his characters and Lagrange’s implicit genus the- 
ory. While Gauss’ characters make it easy to decide when two forms belong to the 
same genus (see Exercise 3.14 for an example), they are not very intuitive. Unfor- 
tunately, most of Gauss’ successors followed his presentation of genus theory, so 
that readers were presented with long lists of characters and no motivation whatso- 
ever. The simple idea of grouping forms according to the congruence classes they 
represent was usually not mentioned. This happens in Dirichlet [28, pp. 313-316] 
and in Mathews [78, pp. 132-136], although Smith [95, pp. 202-207] does discuss 
congruence classes. 

So far we have discussed two ways to formulate genera, Lagrange’s and Gauss’. 
There are many other ways to state the definition, but before we can discuss them, we 
need some terminology. We say that two forms f(x, y) and g(x,y) are equivalent over 
a ring R if there is a matrix (? 7) € GL(2,R) such that f(x,y) = g(px+qy,rx+sy). 
If R= Z/mZ, we say that f(x,y) and g(x,y) are equivalent modulo m. We then have 
the following theorem: 


Theorem 3.21. Let f(x,y) and g(x,y) be primitive forms of discriminant D # 0, 
positive definite if D < 0. Then the following statements are equivalent: 


(i) f(x,y) and g(x,y) are in the same genus, i.e., they represent the same values 
in (Z/DZ)*. 


(ii) f(x,y) and g(x,y) represent the same values in (Z/mZ)* for all nonzero inte- 
gers m. 


(iii) f(x,y) and g(x,y) are equivalent modulo m for all nonzero integers m. 
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(iv) f(x,y) and g(x,y) are equivalent over the p-adic integers Z, for all primes p. 


(v) f(x,y) and g(x,y) are equivalent over Q via a matrix in GL(2,Q) whose en- 
tries have denominators prime to 2D. 


(vi) f(x,y) and g(x,y) are equivalent over Q without essential denominator, i.e., 
given any nonzero m, a matrix in GL(2,Q) can be found which takes one form 
to the other and whose entries have denominators prime to m. 


Proof. It is easy to prove (vi) => (iii) => (ii) => (i) and (vi) > (v) => (i) (see Exer- 
cise 3.15), and (iii) + (iv) is a standard argument using the compactness of Z, (see 
Borevich and Shafarevich [8, p. 41] for an analogous case). A proof of (i) => (iii) 
appears in Hua [57, §12.5, Exercise 4], and (i) => (iv) is in Jones [63, pp. 103-104]. 
Finally, the implication (iv) = (vi) uses the Hasse principle for the equivalence of 
forms over Q and may be found in Jones [63, Theorem 40] or Siegel [91]. Q.E.D. 


Some modern texts give yet a different definition, saying that two forms are in the 
same genus if and only if they are equivalent over Q (see, for example, Borevich and 
Shafarevich [8, p. 241]). This characterization doesn’t hold in general (x* + 18y? 
and 2x? + 9y* are rationally equivalent but belong to different genera—see Exer- 
cise 3.16), but it does work for field discriminants, which means that D = 1 mod 4, 
D squarefree, or D = 4k, k #1 mod 4, k squarefree (see Exercise 3.17—we will study 
such discriminants in more detail in §5). According to Dickson [26, Vol. HII, pp. 216 
and 236], Eisenstein suggested in 1852 that genera could be defined using rational 
equivalence, and only later, in 1867, did Smith point out that extra assumptions are 
needed on the denominators. 


C. p= x?+ny? and Euler’s Convenient Numbers 


Our discussion of genus theory has distracted us from our problem of determining 
when a prime p can be written as x* + ny”. Recall from Corollary 2.27 that genus 
theory gives us congruence conditions for p to be represented by a reduced form 
in the principal genus. The nicest case is when every genus of discriminant —4n 
consists of a single class, for then we get congruence conditions that characterize 
p =x" +ny’ (this is what made the examples in (2.28) work). Let’s see if the genus 
theory developed in this section can shed any light on this special case. We have the 
following result: 


Theorem 3.22. Let n be a positive integer. Then the following statements are equiv- 
alent: 


(i) Every genus of forms of discriminant —4n consists of a single class. 


(ii) If ax + bxy + cy? is a reduced form of discriminant —4n, then either b = 0, 
a=bora=c. 


(iii) Two forms of discriminant —4n are equivalent if and only if they are property 
equivalent. 
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(iv) The class group C(—4n) is isomorphic to (Z/2Z)" for some integer m. 
(v) The class number h(—4n) equals 2"—', where 1 is as in Proposition 3.11. 


Proof. We will prove (i) => (ii) > (iii) > (iv) > (v) = (i). Let C denote the class 
group C(—4n). 

Since the principal genus is C? by Theorem 3.15, (i) implies that C? = {1}, so 
that every element of C has order < 2. Then Lemma 3.10 shows that (i) => (ii). 

Next assume (ii), and suppose that two forms of discriminant —4n are equivalent. 
By Exercise 3.8, we know that one is properly equivalent to the other or its opposite. 
We may assume that the forms are reduced, so that by assumption b = 0, a = b or 
a=c. The proof of Theorem 2.8 shows that forms of this type are always properly 
equivalent to their opposites, so that the forms are properly equivalent. This proves 
(ii) => (iii). 

Recall that any form is equivalent to its opposite via (x,y) +> (x,—y). Thus (iii) 
implies that any form and its opposite lie in the same class in C. Since the opposite 
gives the inverse in C by Theorem 3.9, we see that every class is its own inverse. 
The structure theorem for finite Abelian groups shows that the only groups with this 
property are (Z/2Z)”, and (iii) > (iv) is proved. 

Next, Theorem 3.15 implies that the number of genera is [C : C7] = 24—', so that 


(3.23) h(—4n) = |C| = [C : C?]|C?| = 24-"|c?|. 


If (iv) holds, then C? = {1}, and then (v) follows immediately from (3.23). Finally, 
given (v), (3.23) implies that C? = {1}, so that by Theorem 3.15, the principal genus 
consists of a single class. Since every genus consists of the same number of classes, 
(i) follows, and the theorem is proved. Q.E.D. 


Notice how this theorem runs the full gamut of what we’ve done so far: the condi- 
tions of Theorem 3.22 involve genera, reduced forms, the class number, the structure 
of the class group and the relation between equivalence and proper equivalence. For 
computational purposes, the last condition (v) is especially useful, for it only requires 
knowing the class number. This makes it much easier to verify that the examples in 
(2.28) have only one class per genus. 

Near the end of the fifth section of Disquisitiones, Gauss lists 65 discriminants 
that satisfy this theorem [41, §303]. Grouped according to class number, they are: 


n’s with one class per genus 
1,2,3,4,7 
5,6, 8,9, 10, 12,13, 15,16, 18,22, 25,28, 37,58 
21,24, 30, 33,40, 42,45, 48,57, 60, 70, 72, 78, 85, 88, 93, 102, 112 
130, 133, 177, 190,232, 253 


105, 120, 165, 168,210, 240, 273, 280, 312, 330, 345, 357, 385 
408, 462,520,760 


840, 1320, 1365, 1848 
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Gauss was interested in these 65 n’s not for their relation to the question of when 
p =x? +ny’, but rather because they had been discovered earlier by Euler in a dif- 
ferent context. Euler called a number n a convenient number (numerus idoneus) if it 
satisfies the following criterion: 


Let m be an odd number relatively prime to n which is properly represented 
by x +ny’. If the equation m = x +ny* has only one solution with x,y > 0, 
then m is a prime number. 


Euler was interested in convenient numbers because they helped him find large 
primes. For example, working with n = 1848, he was able to show that 


18,518,809 = 1977 + 1848 - 1002 


is prime, a large one for Euler’s time. Convenient numbers are a fascinating topic, 
and the reader should consult Frei [38] or Weil [106, pp. 219-226] for a fuller discus- 
sion. We will confine ourselves to the following remarkable observation of Gauss: 


Proposition 3.24. A positive integer n is a convenient number if and only if for forms 
of discriminant —4n, every genus consists of a single class. 


Proof. We begin with a lemma: 


Lemma 3.25. Let m be a positive odd number relatively prime ton > 1. Then the 
number of ways that m is properly represented by a reduced form of discriminant 


—A4n is 
21] (1 if (=) ) 
p\m P 
Proof. See Exercise 3.20 or Landau [71, Vol. 1, p. 144). Q.E.D. 


This classical lemma belongs to an area of quadratic forms that we have ignored, 
namely the study of the number of representations of a number by a form. To see 
what this has to do with genus theory, note that two forms representing m must lie in 
the same genus, for the values they represent in (Z/4nZ)* are not disjoint. We thus 
get the following corollary of Lemma 3.25: 


Corollary 3.26. Let m be properly represented by a primitive positive definite form 
f(x,y) of discriminant —4n, n > 1, and assume that m is odd and relatively prime to 
n. If r denotes the number of prime divisors of m, then m is properly represented in 
exactly 2+! ways by a reduced form in the genus of f(x,y). Q.E.D. 


Now we can prove the proposition. First, assume that there is only one class per 
genus. If m is properly represented by x” + ny? and m = x? +ny? has a unique solution 
when x,y > 0, then we need to prove that m is prime. The above corollary shows that 
m is properly represented by x* + ny” in 2’+! ways since x? + ny’ is the only reduced 
form in its genus. At least 2’~! of these representations satisfy x,y > 0, and then 
our assumption on m implies that r = 1, i.e., m is a prime power p*. If a > 2, then 
Lemma 3.25 shows that p*~? also has a proper representation, and it follows easily 
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that m has at least two representations in nonnegative integers. This contradiction 
proves that m is prime, and hence n is a convenient number. 

Conversely, assume that n is convenient. Let f(x,y) be a form of discriminant 
—4n, and let g(x,y) be the composition of f(x,y) with itself. We can assume that 
g(x,y) is reduced, and it suffices to show that g(x,y) = x* + ny” (for then every ele- 
ment in the class group has order < 2, which by Theorem 3.22 implies that there is 
one class per genus). 

Assume that g(x,y) 4x? +-ny’, and let p and q be distinct odd primes not divid- 
ing n which are represented by f(x,y). (In §9 we will prove that f(x,y) represents 
infinitely many primes.) Then g(x,y) represents pg, and formula (2.31) shows that 
x* + ny* does too. By Corollary 3.26, pq has only 8 proper representations by re- 
duced forms of discriminant —4n. At least one comes from g(x,y), leaving at most 7 
for x? +ny’. It follows that pq is uniquely represented by x” + ny” when we restrict to 
nonnegative integers. This contradicts our assumption that n is convenient. Q.E.D. 


Gauss never states Proposition 3.24 formally, but it is implicit in the methods he 
discusses for factoring large numbers [41, §§329-334]. 

In §2 we asked how many such n’s there were. Gauss suggests [41, §303] that the 
65 given by Euler are the only ones. In 1934 Chowla [17] proved that the number 
of such n’s is finite, and by 1973 it was known that Euler’s list is complete except 
for possibly one more n (see Weinberger [108]). Whether or not this last n actually 
exists is still an open question. 

From our point of view, the upshot is that there are only finitely many theorems 
like (2.28) where p = x* + ny’ is characterized by simple congruences modulo 4n. 
Thus genus theory cannot solve our basic question for all n. In some cases, such as 
D = —108, it’s completely useless (all three reduced forms x” + 27y? and 4x? + 2xy + 
Ty* lie in the same genus), and even when it’s a partial help, such as D = —56, we’re 
still stuck (we can separate x” + 14y? and 2x? +7y? from 3x? + 2xy + 5y”, but we can’t 
distinguish between the first two). And notice that by part (iii) of Theorem 3.21, 
forms in the same genus are equivalent modulo m for all m 4 0, so that no matter 
how m is chosen, there are no congruences p = a,b,c,... mod m which can separate 
forms in the same genus. Something new is needed. In 1833, Dirichlet described the 
situation as follows [27, Vol. I, p. 201): 


there lies in the mentioned [genus] theory an incompleteness, in that it cer- 
tainly shows that a prime number, as soon as it is contained in a linear form 
[congruence class], necessarily must assume one of the corresponding quadratic 
forms, only without giving any a priori method for deciding which quadratic 
form it will be. ... It becomes clear that the characteristic property of a sin- 
gle quadratic form belonging to a group [genus] cannot be expressed through 
the prime numbers in the corresponding linear forms, but necessarily must be 
expressed by another theory not depending on the elements at hand. 


As we already know from Euler’s conjectures concerning x” + 27y” and x* + 64y” 
(see (1.22) and (1.23)), the new theory we’re seeking involves residues of higher 
powers. Gauss rediscovered Euler’s conjectures in 1805, and he proved them in the 
course of his work on cubic and biquadratic reciprocity. In §4 we will give careful 
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statements of these reciprocity theorems and show how they can be used to prove 
Euler’s conjectures. 


D. Disquisitiones Arithmeticae 


Gauss’ Disquisitiones Arithmeticae covers a wide range of topics in number the- 
ory, including congruences, quadratic reciprocity, quadratic forms (in two and three 
variables), and the cyclotomic fields Q(¢,), ¢, = e2"/"_ There are several excellent 
accounts of what’s in Disquisitiones, notably Buhler [13, Chapter 3], Bachmann [42, 
Vol. X.2.1, pp. 8-40] and Rieger [84], and translations into English and German are 
available (see item [41] in the references). Rather than try to survey the whole book, 
we will instead make some comments on Gauss’ treatment of quadratic reciprocity 
and quadratic forms, for in each case he does things slightly differently from the 
theory presented in §§2 and 3. 

Disquisitiones contains the first published (valid) proof of the law of quadratic 
reciprocity. One surprise is that Gauss never uses the term “quadratic reciprocity.” 
Instead, Gauss uses the phrase “fundamental theorem,” which he explains as follows 
(41, §131]: 

Since almost everything that can be said about quadratic residues depends on 
this theorem, the term fundamental theorem which we will use from now on 
should be acceptable. 


In the more informal setting of his mathematical diary, Gauss uses the term “golden 
theorem” to describe his high regard for quadratic reciprocity [42, Vol. X.1, entries 
16, 23 and 30 on pp. 496-501] (see Gray [44] for an English translation). Likewise 
absent from Disquisitiones is the Legendre symbol, for Gauss uses the notation aRb 
or aNb to indicate whether or not a was a quadratic residue modulo b [41, §131]. 
(The Legendre symbol does appear in some of his handwritten notes—see [42, Vol. 
X.1, p. 53}]—but this doesn’t happen very often.) 

One reason why Gauss ignored Legendre’s terminology is that Gauss discovered 
quadratic reciprocity independently of his predecessors. In a marginal note in his 
copy of Disquisitiones, Gauss states that “we discovered the fundamental theorem by 
induction in March 1795. We found our first proof, the one contained in this section, 
April 1796” [41, p. 468, English editions] or [42, Vol. I, p. 476]. In 1795 Gauss 
was still a student at the Collegium Carolinum in Brunswick, and only later, while at 
Gottingen, did he discover the earlier work of Euler and Legendre on reciprocity. 

Gauss’ proof from April 1796 appears in §§ 135-144 of Disquisitiones. The the- 
orem is stated in two forms: the usual version of quadratic reciprocity appears in 
[41, §131], and the more general version that holds for the Jacobi symbol (which we 
used in the proof of Lemma 1.14) is given in [41, §133]. The proof uses complete 
induction on the prime p, and there are many cases to consider, some of which use 
reciprocity for the Jacobi symbol (which would hold for numbers smaller than p). 
As Gauss wrote in 1808, the proof “proceeds by laborious steps and is burdened by 
detailed calculations” [42, Vol. II, p. 4]. In 1857, Dirichlet used the Jacobi symbol to 
simplify the proof and reduce the number of cases to just two [27, Vol. II, pp. 121- 
138]. It is interesting to note that what Gauss proves in Disquisitiones is actually a bit 
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more general than the usual statement of quadratic reciprocity for the Jacobi symbol 
(see Exercise 3.24). Thus, when Jacobi introduced the Jacobi symbol in 1837 [61, 
Vol. VI, p. 262], he was simply giving a nicer but less general formulation of what 
was already in Disquisitiones. 

As we mentioned in our discussion of genus theory, Disquisitiones also contains 
a second proof of reciprocity that is quite different in nature. The first proof is awk- 
ward but elementary, while the second uses Gauss’ genus theory and is much more 
sophisticated. 

Gauss’ treatment of quadratic forms occupies the fifth (and longest) section of 
Disquisitiones. It is not easy reading, for many of the arguments are very compli- 
cated. Fortunately, there are more modern texts that cover pretty much the same 
material (in particular, see either Flath [36] or Mathews [78]). Gauss starts with the 
case of positive definite forms, and the theory he develops is similar to the first part 
of §2. Then, in [41, §182], he gives some applications to number theory, which are 
introduced as follows: 

Let us now consider certain particular cases both because of their remark- 
able elegance and because of the painstaking work done on them by Euler, who 
endowed them with an almost classical distinction. 


As might be expected, Gauss first proves Fermat’s three theorems (1.1), and then 
he proves Euler’s conjecture for p = x* + Sy” using Lagrange’s implicit genus the- 
ory (his proof is similar to what we did in (2.19), (2.20) and (2.22)). Interestingly 
enough, Gauss never mentions the relation between this example and genus theory. 
In contrast to Lagrange and Legendre, Gauss works out few examples. His one com- 
ment is that “the reader can derive this proposition [concerning x? + Sy*] and an 
infinite number of other particular ones from the preceding and the following discus- 
sions” (41, §182]. 

Gauss always assumed that the middle coefficient was even, so that his forms 
were written f(x,y) = ax” + 2bxy +cy?. He used the ordered triple (a, b,c) to denote 
J (x,y) [41, §153], and he defined its determinant to be b? — ac [41, $154]. Note that 
the discriminant of ax” + 2bxy + cy’ is just 4 times Gauss’ determinant. 

Gauss did not assume that the coefficients of his forms were relatively prime, and 
he organized forms into orders according to the common divisors of the coefficients. 
More precisely, the forms ax” + 2bxy + cy? and a’x? + 2b’xy +c’y? are in the same 
order provided that gcd(a,b,c) = gced(a’,b’,c’) and gcd(a,2b,c) = ged{a’,2b’,c’) 
[41, §226}. To get a better idea of how this works, consider a primitive quadratic 
form ax’ + bxy + cy*. Here, a,b and c are relatively prime integers, and b may be 
even or odd. We can fit this form into Gauss’ scheme as follows: 


b even: Then b = 2b’, and ax” + 2b'xy + cy” satisfies gcd(a,b’,c) = 
gcd(a,2b’,c) = 1. Gauss called forms in this order properly primitive. 
b odd: Then 2ax” + 2bxy + 2cy’ satisfies ged(2a,b,2c) = 1 and 
gced(2a,2b,2c) = 2. He called forms in this order improperly primitive. 


All primitive forms are present, though the ones with b odd appear in disguised form. 
This doesn’t affect the class number but does cause problems with composition. 
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Gauss’ classification of forms thus consists of orders, which are made up of gen- 
era, which are in turn made up of classes. This is reminiscent of the Linnean classi- 
fication in biology, where the categories are class, order, family, genus and species. 
Gauss’ terms all appear on Linneaus’ list, and it is thus likely that this is where Gauss 
got his terminology. Since our current term “equivalence class” comes from Gauss’ 
example of classes of properly equivalent forms, we see that there is an unexpected 
link between modern set theory and eighteenth-century biology. 

Finally, let’s make one comment about composition. Gauss’ theory of composi- 
tion has always been one of the more difficult parts of Disquisitiones to read, and 
part of the reason is the complexity of Gauss’ presentation. For example, the proof 
that composition is associative involves checking that 28 equations are satisfied [41, 
§240]. But a multiplicity of equations is not the only difficulty here—there is also an 
interesting conceptual issue. Namely, in order to define the class group, notice that 
Gauss has to put the structure of an abstract Abelian group on a set of equivalence 
classes. Considering that we’re talking about the year 1801, this is an amazing level 
of abstraction. But then, Disquisitiones is an amazing book. 


E. Exercises 


3.1. Assume that F (x,y) = Ax” + Bxy + Cy is the composition of the two forms 
f(x,y) = ax? + bxy + cy’ and g(x,y) =a'x? + b'xy + c’y* via 


F(x, y)g(z,w) = F(ayxz+ bixw + cyyz+ diyw, azxz 
+ boxw + cryz + dzyw), 


and suppose that all three forms have discriminant D 4 0. The goal of this 
exercise is to prove Gauss’ formulas (3.1). 


(a) By specializing the variables x,y,z and w, prove that 


aa’ = Aa’ + Baya) + Cas 
ac! = Abt + Bb\b) +Cb} 
ab’ = 2Aa,b, + B(ayb2 + azb;) + 2Carbp. 


Hint: for the first one, try x = z= 1 andy=w=0. 
(b) Prove that a = +(a,b2 — a2b,). Hint: prove that 


a’(b? — 4a'c’) = (a,b — arb,)*(B* — 4AC). 
(c) Prove that a’ = +(a,c2 — arc). 


3.2. Show that the compositions given in (2.30) and (2.31) are not direct composi- 
tions. 


3.3. Prove Lemma 3.5. Hint: there are a,a),...,a, such that am + D!_,ajp; = 1. 


i=1 
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3.4. Verify that the congruences (3.4) satisfy the compatibility conditions stated in 
Lemma 3.5. 


3.5. Assume that f(x,y) = ax? + bxy+cy’, g(x,y) =a'x* + b’xy+c’y’ and B are as 
in Lemma 3.2. We want to show that aa’x” + Bry + Cy’, C = (B? — D)/4aa’, 
is the direct composition of f(x,y) and g(x,y). 


(a) Show that f(x,y) and g(x, y) are properly equivalent to ax* + Bry +a/Cy* 
and a’x* + Bxy + aCy’ respectively. Hint: use B = b mod 2a for f(x,y). 


(b) Let X = xz—Cyw and Y = axw +.a’'yz+ Byw. Then show that 


(ax? + Bxy +a'Cy’)(a’'? + Bew +. aCw’) 
= aa'X? + BXY +CY’. 


Furthermore, show that this is a direct composition in the sense of (3.1). 
Hint: first show that 


(ax + (B+ VD)y/2)(a'z+ (B+ VD)w/2) 
=aa'X +(B+VD)Y/2. 


(c) Suppose that a form G(x, y) is the direct composition of forms h(x, y) and 
k(x,y). If h(x, y) is properly equivalent to h(x,y), then show that G(x, y) 
is also the direct composition of h(x,y) and k(x, y). 


(d) Use (a)—(c) to show that Dirichlet composition is a direct composition. 


3.6. This problem studies the relation between Legendre’s and Dirichlet’s formulas 
for composition. 


(a) Suppose that f(x,y) = ax* + 2bxy + cy’ and g(x,y) =a'x? +2b'xy +c'y* 
have the same discriminant and satisfy gcd(a,a’) = 1. Show that the 
Dirichlet composition of these forms is the one given by Legendre’s for- 
mula with both signs + in (2.32). 


(b) In Exercise 2.26, we saw that 14x? + 10xy + 21y? and 9x + 2xy + 30y? 
can be composed to obtain 126x? + 74xy + 13y’ and 126x? + 38xy + Sy’. 
Which one of these four is the direct composition of the original two 
forms? 


3.7. Show that acx* + bxy + y’ is properly equivalent to the principal form. 


3.8. For us, a class consists of all forms properly equivalent to a given form. Let a 
Lagrangian class (this terminology is due to Weil [106, p. 319]) consist of all 
forms equivalent (properly or improperly) to a given form. 


(a) Prove that the Lagrangian class of a form is the union of the class of the 
form and the class of its opposite. 
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(b) Show that the following statements are equivalent: 


(i) The Lagrangian class of f(x,y) equals the class of f(x,y). 
(ii) f(x,y) is properly equivalent to its opposite. 
(iii) f(x,y) is properly and improperly equivalent to itself. 
(iv) The class of f(x,y) has order < 2 in the class group. 


3.9. In this problem we will describe the “almost” group structure given by Leg- 
endre’s theory of composition. Let G be an Abelian group and let ~ be the 
equivalence relation which identifies a~! and a for all a € G. 


(a) Show that multiplication on G induces an operation on G/~ which takes 
either one or two values. Furthermore, if a, b € G and [a], (b] are their 
classes in G/~, then show that [a] - [b] takes on only one value if and only 
if a, b or ab has order < 2 in G. 


(b) If G is cyclic of order 8, show that G/~ is isomorphic (in the obvious 
sense) to the structure given by (2.33) and (2.34). 


(c) If C(D) is the class group of forms of discriminant D, show that C(D) /~ 
can be naturally identified with the set of Lagrangian classes of forms of 
discriminant D (see Exercise 3.8). 


3.10. Complete the proof of Proposition 3.11 for the case D = —4n, n = 1 mod 4, 
“and prove all of the remaining cases. 


3.11. This exercise is concerned with the proof of Lemma 3.17. 
(a) Prove that the map (3.18) is surjective and its kernel is the subgroup of 
squares. 


(b) We next want to prove the lemma when D = —4n,n > 0. Write n = 2°m 
where 7m is odd, so that we have an isomorphism 


(Z/DZ)* ~ (Z/2°*?Z)* x (Z/mZ)*. 


Let H denote the subgroup of values represented by x*+-ny’. 
(i) Show that H = H, x (Z/mZ)** for Hy = HN((Z/24+?Z)* x {1}). 
(ii) When a > 4, show that H, = (Z/2°+?Z)**, where H is as in (i). 


Hint: the description of (Z/2¢+*Z)* given in Ireland and Rosen [59, 
§4.1] will be useful. 


(iii) Prove Lemma 3.17 when D = 0 mod 4. Hint: treat the cases a = 0, 
1, 2, 3 and > 4 separately. See also Ireland and Rosen [59, §4.1]. 


3.12. In Exercises 3.12 and 3.13 we will sketch Gauss’ second proof of quadratic 
reciprocity. There are two parts to the proof: first, one shows, without using 
quadratic reciprocity, that for any nonsquare discriminant D, 


(*) the number of genera of forms of discriminant D is < 2#—!, 
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where y is defined in Proposition 3.11, and second, one shows that (*) implies 
quadratic reciprocity. This exercise will do the first step, and Exercise 3.13 
will take care of the second. 


We proved in Exercise 2.10 that when D > 0 is not a perfect square, there 
are only finitely many proper equivalence classes of primitive forms of dis- 
criminant D. The set of equivalence classes will be denoted C(D), and as in 
the positive definite case, C(D) becomes a finite Abelian group under Dirich- 
let composition (we will prove this in the exercises to §7). We will assume 
that Proposition 3.11 and Theorem 3.15 hold for all nonsquare discriminants 
D. This is where we pay the price for restricting ourselves to positive defi- 
nite forms—the proofs in the text only work for D < 0. For proofs of these 
theorems when D > 0, see Flath (36, Chapter V], Gauss (41, §§257—258] or 
Mathews [78, pp. 171-173]. 


To prove (x), let D be any nonsquare discriminant, and let C denote the 
class group C(D). Let H Cc (Z/DZ)* be the subgroup of values represented 
by the principal form. 


(a) Show that genera can be classified by cosets of H in (Z/DZ)*. Thus, 
instead of the map ® of (3.12), we can use the map 


& :C — (Z/DZ)*/H, 


so that ker(®’) is the principal genus and ®’(C) is the set of genera. Note 
that this argument does not use quadratic reciprocity. 


(b) Since H contains all squares in (Z/DZ)*, it follows that C? C ker(®)’. 
Now adapt the proof of Theorem 3.15 to show that 


the number of genera is < [C:C*]=247', 


where the last equality follows from Proposition 3.11. This proves (+). 


3.13. In this exercise we will show that quadratic reciprocity follows from statement 


(*) of Exercise 3.12. As we saw in §1, it suffices to show 


()-1=() 
q Pp 
where p and q are distinct odd primes and p* = (—1)-))/2p, 


(a) Show that Lemma 3.17 holds for all nonsquare discriminants D, so that 
we can use the assigned characters to distinguish genera. 


(b) Assume that (p*/q) = 1. Applying Lemma 2.5 with D = p* shows that 
q is represented by a form f(x,y) of discriminant p*. The number pu 
from Proposition 3.11 is 1, so that by (*), there is only one genus. Hence 
the assigned character (there is only one in this case) must equal | on 


3.14. 


3.15. 
3.16. 


3.17. 


3.18. 
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any number represented by f(x,y), in particular g. Use this to prove that 
(q/p) = 1. This proves that (p*/q) = 1 => (q/p) =1. 

(c) Next, assume that (g/p) = 1 and that either p = 1 mod 4 or g = 1 mod 
4. Use part (b) to show that (p*/q) = 1. 


(d) Finally, assume that (¢/p) = 1 and that p=q=3 mod 4. This time 
we will consider forms of discriminant pq. Proposition 3.11 shows that 
pt = 2, so that by (*), there are at most two genera. Furthermore, the 
assigned characters are x; (a) = (a/p) and y2(a) = (a/q). Now consider 
the form f(x,y) = px? + pxy+((p—q)/4)y’, which is easily seen to have 
discriminant pq. Letting (x,y) = (0,2), it represents p — gq. Use this to 
compute the complete character of the forms f(x,y) and —f(x,y), and 
show that one of these must lie in the principal genus since there are at 
most two genera. Then show that (—p/q) = 1. Note that parts (c) and 
(d) imply that (¢/p) = 1 = (p*/q) = 1, which completes the proof of 
quadratic reciprocity. 


(e) Gauss also used (*) to show that (2/p) = (—1)°~)/8, Adapt the argu- 
ment given above to prove this. Hint: when p = 3,5 mod 8, show that 
p is properly represented by a form of discriminant 8. When p = 1 mod 
8, note that the form 2x? + xy + ((1 — p)/8)y* has discriminant p and 
represents 2, and the argument is similar when p = 7 mod 8. 


Use Gauss’ definition of genus to divide the forms of discriminant —164 into 
genera. Hint: the forms are given in (2.33). Notice that this is much easier 
than working with our original definition! 


Prove (vi) => (iii) = (ii) > (i) and (vi) > (v) => (i) of Theorem 3.21. 


Prove that the forms x? + 18y* and 2x? + 9y* are rationally equivalent but be- 
long to different genera. Hint: if they represent the same values in (Z/72Z)*, 
then the same is true for any divisor of 72. 


Let D be a field discriminant, i.e., D = 1 mod 4, D squarefree, or D= 4k, k #1 
mod 4, k squarefree. Let f(x,y) and g(x,y) be rationally equivalent forms of 
discriminant D. We want to prove that they lie in the same genus. 


(a) Let m be prime to D and represented by g(x,y). Show that f(x,y) repre- 
sents d*m for some nonzero integer d. 


(b) Show that f(x,y) and g(x,y) lie in the same genus. Hint: by Exercise 2.1, 
f(x,y) properly represents m’ where d’*m’ = d?m for some integer d’. 
Show that m’ is relatively prime to D. To do this, use Lemma 2.3 to write 
f(xy) =m’? + bxy t+ cy’. 


When D = —4n is a field discriminant, we can use Theorem 3.21 to give a 
different proof that every form in the principal genus is a square (this is part 
(ii) of Theorem 3.15). Let f(x,y) be a form of discriminant —4n which lies in 
the principal genus. 
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(a) Show that f(x,y) properly represents a number of the form a”, where a 
is odd and relatively prime to n. Hint: use part (v) of Theorem 3.21. 

(b) By (a), we may assume that f(x,y) = a?x? + 2bxy+cy*. Show that 
gcd(a,2b) = 1, and conclude that g(x,y) = ax? + 2bxy + acy’ has rel- 
atively prime coefficients and discriminant —4n. 


(c) Show that f(x,y) is the Dirichlet composition of g(x,y) with itself. 


This argument is due to Arndt (see Smith [95, pp. 254-256]), though Arndt 
proved (a) using the theorem of Legendre discussed in Exercise 2.24. Note 
that (a) can be restated in terms of ternary forms: if f(x,y) is in the principal 
genus, then (a) proves that the ternary form f(x,y) — z* has a nontrivial zero. 
This result shows that there is a connection between ternary forms and genus 
theory. It is therefore not surprising that Gauss used ternary forms in his proof 
of Theorem 3.15. 


3.19. Let C(D) be the class group of forms of discriminant D < 0. Prove that the 
following statements are equivalent: 


(i) Every genus of discriminant D consists of a single class. 
(ii) C(D) ~ {£1} 47 |, where yp is as in Proposition 3.11. 


(iii) Every genus of discriminant D consists of equivalent forms. 


3.20. In this exercise we will prove Lemma 3.25. Let m > 0 be odd and prime to 
n>. 


(a) Show that the number of solutions modulo m of the congruence 


x? =-nmodm 
is given by the formula 
DG): 
p 
pim 


(b) Consider forms g(x,y) of discriminant —4n of the form 
g(x,y) =m + 2bxytcy’, OSb<m. 


Show that the map sending g(x,y) to [b] € (Z/mZ)* induces a bijection 
between the g(x, y)’s and the solutions modulo m of x? = —n mod m. 


(c) Let f(x,y) have discriminant —4n and let f(u,v) = m be a proper repre- 
sentation. Pick ro, so, so that uso — vro = 1, and set r = ro-t uk, s = So +vk. 
Note that as k € Z varies, we get all solutions of us — vr = 1. Then set 


g(x,y) = f(ux+ry,vx+sy) 
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and show that there is a unique k € Z such that g(x,y) satisfies the con- 
dition of (b). This form is denoted g,,(x,y). 


(d) Show that the map sending a proper representation f(u,v) = m to the 
form g,,,(x,y) is onto. 


(e) If 8u',v (x,y) — 8u,v(X,y)s let 


a B\_ (uw v\7'(u v 

y 6) \r s! r s}° 
Show that f(ax + By, yx + dy) = f(x,y) and, since n > 1, show that 
(5 %) =+(19). Hint: assume that f(x,y) is reduced, and use the ar- 
guments from the uniqueness part of the proof of Theorem 2.8. 

(f) Conclude that gy »(x,y) = gu,v(x,y) if and only if (u’,v’) = +(u,v), so 

that the map of (d) is exactly two-to-one. Combining this with (a) and 
(b), we get a proof of Lemma 3.25. 


3.21. This exercise will use Lemma 3.25 to study the equation m> = a? + 2b?. 


(a) If mis odd, use Lemma 3.25 to show that the equations m = x* + 2y* and 
m> = x* +2y? have the same number of proper solutions. 


(b) If m = a* + 2b’ is a proper representation, then show that 
P 
m = (a? — 6ab’)* + 2(3a*b — 26°)? 


is a proper representation. 


(c) Show that the map sending (a,b) to (a — 6ab?, 3a*b — 2b*) is injective. 
Hint: note that 


(a+ by/—2)? = (a’ — 6ab?) + (3a°b — 2b*) /—2. 


(d) Combine (a) and (c) to show that all proper representations of m? = x? + 
2y?, m odd, arise from (b). 


3.22. Use Exercise 3.21 to prove Fermat’s famous result that (x,y) = (3,45) are 
the only integral solutions of the equation x* = y* +2. Hint: first show that x 
must be odd, and then apply Exercise 3.21 to the proper representation x° = 
y*+2-17. It’s likely that Fermat’s original proof of this result was similar to the 
argument presented here, though he would have used a version of Lemma 1.4 
to prove part (c) of Exercise 3.21. See Weil [106, pp. 68-69 and 71-73] for 
more details. 


3.23. Let p be an odd prime of the form x?-+ny’, n > 1. Use Lemma 3.25 to show 
that the equation 
p=x'+ny 
has a unique solution once we require x and y to be nonnegative. Note also 
that Lemma 3.25 gives a very quick proof of Exercise 2.27. 
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3.24. This exercise will examine a generalization of the Jacobi symbol. Let P and 
Q be relatively prime nonzero integers, where Q is odd but possibly negative. 
Then define the extended Jacobi symbol (P/Q) via 


ee (P/\Ol) when |Q| > 1 
Q) 1 when |Q| = 1. 


(a) Prove that when P and @ are odd and relatively prime, then 


(2) () = (1) “D(H /4+e(s00(P)}—1(680(0)-1)/4 
P 


where sgn(P) = P/|P|. 


(b) Gauss’ version of (a) is more complicated to state. First, given P and 
Q as above, he lets p denote the number of prime factors of Q (counted 
with multiplicity) for which P is not a quadratic residue. This relates to 


(P/Q) by the formula 
P\ te 
(s)=cr 


Interchanging P and Q, we get a similarly defined number q. To relate 
the parity of p and q, Gauss states a rule in [41, §133] which breaks up 
into 10 separate cases. Verify that the rule proved in (a) covers all 10 of 
Gauss’ cases. 


(c) Prove the supplementary laws: 
—1 = 
(+) = sgn(P)(—1)°-2/? 


(5) = (18-4. 


3.25. Let p = | mod 8 be prime. 


(a) If C(—4p) is the class group of forms of discriminant —4p, then use 
genus theory to prove that 


C(—4p) © (Z/2°Z) x G 


where a > | and G has odd order. Thus 2 | h(—4p). 


(b) Let f(x,y) = 2x? + 2xy+4 ((p+ 1)/2)y’. Use Gauss’ definition of genus 
to show that f(x,y) is in the principal genus. 


(c) Use Theorem 3.15 to show that C(—4p) has an element of order 4. Thus 
4|h(~4p). 
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§4. CUBIC AND BIQUADRATIC RECIPROCITY 


In this section we will study cubic and biquadratic reciprocity and use them to prove 
Euler’s conjectures for p = x? + 27y* and p = x? + 64y* (see (1.22) and (1.23)). An 
interesting feature of these reciprocity theorems is that each one requires that we 
extend the notion of integer: for cubic reciprocity we will use the ring 


(4.1) Z[w| = {a+ bw: a,b € Z}, w= ei/3 — (-1 + /—3)/2, 
and for biquadratic reciprocity we will use the Gaussian integers 
(4.2) Zi] = {a+ bi: a,b € Z}, i=vV-1. 


Both Z[w] and Z[i] are subrings of the complex numbers (see Exercise 4.1). Our first 
task will be to describe the arithmetic properties of these rings and determine their 
units and primes. We will then define the generalized Legendre symbols (a/7)3 and 
(a/7)4 and state the laws of cubic and biquadratic reciprocity. The proofs will be 
omitted since excellent proofs are already available in print (see especially Ireland 
and Rosen [59, Chapter 9]). At the end of the section we will discuss Gauss’ work 
on reciprocity and say a few words about the origins of class field theory. 


A. Zw] and Cubic Reciprocity 


The law of cubic reciprocity is intimately bound up with the ring Z[w] of (4.1). The 
main tool used to study the arithmetic of Z[w] is the norm function: if a = a+ bw is 
in Z[w], then its norm N(a) is the positive integer 


N(a) = a@ = a’ —ab+b’, 


where @ is the complex conjugate of a@ (in Exercise 4.1 we will see that @ € Z|w)). 
Note that the norm is multiplicative, i.e., for a, 8 € Z[w], we have 


N(af) = N(a)N(B) 
(see Exercise 4.2). Using the norm, one can prove that Z[w] is a Euclidean ring: 
Proposition 4.3. Given a, 8 € Z[w], B £0, there are y, 6 € Zw] such that 
a=y7y0+6 and N(d)<N(8). 
Thus Z{w] is a Euclidean ring. 


Proof. The norm function N(a) = a@ is defined on Q(w) = {r+sw:r,s € Q} and 
satisfies N(uv) = N(u)N(v) for u,v € Q(w) (see Exercise 4.2). Then 


a_ a8 op 
BBB Nia) © 2 
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so that a/f = r+sw for some r,s € Q. Let r;,5; be integers such that |r —7;| < 1/2 
and |s— s;| < 1/2, and then set y =r; +s;w and 6 = a—7f. Note that 7,6 € Z{w] 
and a = 78+. It remains to show that N(d) < N({). To see this, let e = a/B—y = 
(r—r,) +(s—s,)w, and note that 


6 =a—B = B(a/B—) = Be. 
Since the norm is multiplicative, it suffices to prove that N(e) < 1. But 


N(e) =N((r—r1) + (s —51)w) = (r n)—(r ri)(s—s,)+(s si)’, 


and the desired inequality follows from |r—r,|, |s—si| < 1/2. By the standard 
definition of a Euclidean ring (see, for example, Herstein [54, §3.7]), we are done. 
QED. 


Corollary 4.4. Z[w] is a PID (principal ideal domain) and a UFD (unique factor- 
ization domain). 


Proof. It is well known that any Euclidean ring is a PID and a UFD—see, for exam- 
ple, Herstein [54, Theorems 3.7.1 and 3.7.2]. Q.E.D. 


For completeness, let’s recall the definitions of PID and UFD. Let R be an integral 
domain. An ideal of R is principal if it can be written in the form aR = {a8 : B € R} 
for some a € R, and R is a PID if every ideal of R is principal. To explain what a 
UFD is, we first need to define units, associates and irreducibles: 


(i) a € Risa unit if a8 = 1 for some BE R. 
(ii) a, 8 € R are associates if a is a unit times B. This is equivalent to aR = BR. 
(iii) A nonunit a € R is irreducible if a = Py in R implies that 6 or ¥ is a unit. 


Then R is a UFD if every nonunit a 4 0 can be written as a product of irreducibles, 
and given two such factorizations of a, each irreducible in the first factorization can 
be matched up in a one-to-one manner with an associate irreducible in the second. 
Thus factorization is unique up to order and associates. 

It turns out that being a PID is the stronger property: every PID is a UFD (see 
Ireland and Rosen [59, §1.3]), but the converse is not true (see Exercise 4.3). Given 
a nonunit a ~ 0 ina PID R, the following statements are equivalent: 


(i) q@ is irreducible. 

(ii) a@ is prime (an element a of R is prime if a | By implies a | 8 or a| 7). 
(iii) @R is a prime ideal (an ideal p of R is prime if By € p implies 6 € p or y € p). 
(iv) @R is a maximal ideal. 


(See Exercise 4.4 for the proof.) 
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Since Z|w] is a PID and a UFD, the next step is to determine the units and primes 
of Zw]. Let’s start with the units: 


Lemma 4.5. 
(i) An element a € Z[w] is a unit if and only if N(a) = 1. 
(ii) The units of Zw} are Z[w]* = {+1,+w, +w*}. 
Proof. See Exercise 4.5. Q.E.D. 


The next step is to describe the primes of Zw]. The following lemma will be 
useful: 


Lemma 4.6. [fa € Z[w] and N(q) is a prime in Z, then a is prime in Z[w}. 


Proof. Since Z|w] is a PID, it suffices to prove that a is irreducible. So suppose that 
a = By in Z[w}. Taking norms, we obtain the integer equation 


N(q) = N(By) = N(B)N(7) 


(recall that the norm is multiplicative). Since N(a) is prime by assumption, this 
implies that N(G) or N(7) is 1, so that 6 or y is a unit by Lemma 4.5. Q.E.D. 


We can now determine all primes in Z[w]: 
Proposition 4.7. Let p be a prime in Z. Then: 
(i) If p = 3, then 1 —w is prime in Z|w| and 3 = —w*(1 —w)?. 


(ii) If p = 1 mod 3, then there is a prime x € Z|w| such that p = x7, and the 
primes 7 and 7 are nonassociate in Z|w]. 


(iii) Jf p = 2 mod 3, then p remains prime in Z|w]. 


Furthermore, every prime in Z|w] is associate to one of the primes listed in (i)-(iii) 
above. 


Proof. Since N(1 —w) = 3, Lemma 4.6 implies that 1 — w is prime in Z|w], and (i) 
follows. To prove (ii), suppose that p = 1 mod 3. Then (—3/p) = 1, so that p is 
represented by a reduced form of discriminant —3 (this is Theorem 2.16). The only 
such form is x? +.xy+-y’, so that p can be written as a? — ab+b?. Then 7 = a+ bw 
and # = a+ bw* have norms N(m) = N(7) = p and hence are prime in Z[w] by 
Lemma 4.6. In Exercise 4.7 we will prove that 7 and 7 are nonassociate. The proof 
of (iii) is left to the reader (see Exercise 4.7). 

It remains to show that all primes in Z[w] are associate to one of the above. Let’s 
temporarily call the primes given in (i)—(iii) the known primes of Z[w], and let a be 
any prime of Z[w]. Then N(a) = a@ is an ordinary integer and may be factored 
into integer primes. But (i)-{iii) imply that any integer prime is a product of known 
primes in Z[w], and consequently a@ = N(a) is also a product of known primes. The 
proposition then follows since Z[w] is a UFD. Q.E.D. 
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Given a prime 7 of Z[w], we get the maximal ideal Z|w] of Z[w]. The quo- 
tient ring Z[w]/2Z|w] is a thus a field. We can describe this field more carefully as 
follows: 


Lemma 4.8. /f 7 is a prime of Z|w], then the quotient field Z|w]/nZ|w] is a finite 
field with N(x) elements. Furthermore, N(x) = p or p* for some integer prime p, 
and: 


(i) [fp =3 or p=1 mod 3, then N(m) = p and Z/pZ ~ Ziw|/7Z |v). 


(ii) If p = 2 mod 3, then N(m) = p* and Z/ pZ is the unique subfield of order p of 
the field Z|[w|/nZ{w] of p* elements. 


Proof. In §7 we will prove that if 7 is a nonzero element of Z{w], then Z[w]/7Z[w] 
is a finite ring with N(7) elements (see Lemma 7.14 or Ireland and Rosen [59, §§9.2 
and 14.1]). Then (i) and (ii) follow easily (see Exercise 4.8). Q.E.D. 


Given a, 8 and x in Z[w], we will write a = 8 mod 7 to indicate that a and / 
differ by a multiple of 7, i.e., that they give the same element in Z|w]/7Z|w]. Using 
this notation, Lemma 4.8 gives us the following analog of Fermat’s Little Theorem: 


Corollary 4.9. [f 7 is prime in Z|w]| and doesn’t divide a € Z{w], then 
aN)! = | mod zr. 


Proof. This follows because (Z[w]/Z|w])* is a finite group with N(7) — 1 elements. 
QED. 


Given these properties of Z[w], we can now define the generalized Legendre sym- 
bol (a/7)3. Let x be a prime of Z[w] not dividing 3 (i.e., not associate to 1 —w). It 
is straightforward to check that 3 | N(7) — 1 (see Exercise 4.9). Now suppose that 
a € Z|w] is not divisible by 7. It follows from Corollary 4.9 that x = afM(—0/3 jg 
a root of x* = 1 mod z. Since 


x —1=(x—1)(x-—w)(x—w’*) mod + 


and 7 is prime, it follows that 


aN(™-D/3 = 1 ww? mod 7. 
However, the cube roots of unity 1,w,w? are incongruent modulo 7. To see this, 
note that if any two were congruent, then we would have 1 = w mod 7, which would 
contradict 7 not associate to 1 — w (see Exercise 4.9 for the details). Then we define 
the Legendre symbol (a/7)3 to be the unique cube root of unity such that 


(4.10) QA) Up = (2) mod 7. 
Ws 
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The basic properties of the Legendre symbol are easy to work out. First, from (4.10), 


one can show 
aB\ (a B 
Gere: 


and second, a = 8 mod zx implies that 


(see Exercise 4.10). The Legendre symbol may thus be regarded as a group homo- 
morphism from (Z[w]/7Z[w])* to C*. 

An important fact is that the multiplicative group of any finite field is cyclic (see 
Ireland and Rosen [59, §7.1]). In particular, (Z[w]/mZ|w])* is cyclic, which implies 
that 


(¢) = 1&5 Q™-YD3 = 1 modr 
T/3 


(4.11) 
<> x =amod7 has a solution in Z[w] 


(see Exercise 4.11). This establishes the link between the Legendre symbol and cubic 
residues. Note that one-third of (Z[w]/mZ|w])* consists of cubic residues (where 
the Legendre symbol equals 1), and the remaining two-thirds consist of nonresidues 
(where the symbol equals w or w”). Later on we will explain how this relates to the 
more elementary notion of cubic residues of integers. 

To state the law of cubic reciprocity, we need one final definition: a prime 7 
is called primary if 7 = +1 mod 3. Given any prime 7 not dividing 3, one can 
show that exactly two of the six associates +7, twa and +w*z are primary (see 
Exercise 4.12). Then the law of cubic reciprocity states the following: 


Theorem 4.12. if and @ are primary primes in Z|w] of unequal norm, then 


Proof. See Ireland and Rosen [59, §§9.4—9.5] or Smith (95, pp. 89-91]. Q.E.D. 


Notice how simple the statement of the theorem is—it’s among the most elegant 
of all reciprocity theorems (biquadratic reciprocity, to be stated below, is a bit more 
complicated). The restriction to primary primes is a normalization analogous to the 
normalization p > 0 that we make for ordinary primes. Some books (such as Ireland 
and Rosen [59]) define primary to mean 7 = —1 mod 3. Since (—1/7)3 = 1, this 
doesn’t affect the statement of cubic reciprocity. 

There are also supplementary formulas for (w/7)3 and (1 —w/7)3. Let x be 
prime and not associate to 1 —w. Then we may assume that 7 = —1 mod 3 (if 7 is 
primary, one of +7 satisfies this condition). Writing 7 = —1+3m-+ 3nw, it can be 
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shown that 


(4.13) 


The first line of (4.13) is easy to prove (see Exercise 4.13), while the second is more 
difficult (see Ireland and Rosen [59, p. 114] or Exercise 9.13). 

Let’s next discuss cubic residues of integers. If p is a prime, the basic question 
is: when does x* =a mod p have an integer solution? If p = 3, then Fermat’s Little 
Theorem tells us that a> = a mod 3 for all a, so that we always have a solution. 
If p = 2 mod 3, then the map a+> a? induces an automorphism of (Z/pZ)* since 
3 | p—1 (see Exercise 4.14), and consequently x° = a mod p is again always solvable. 
If p = 1 mod 3, things are more interesting. In this case, p = 77 in Z[w], and there 
is a natural isomorphism Z/pZ ~ Z|w]/1Z[w] by Lemma 4.8. Thus, for p { a, (4.11) 
implies that 


(4.14) x? =amod p is solvable inZ <> (£) =) 1; 
3 


Furthermore, (Z/pZ)* breaks up into three pieces of equal size, one of cubic residues 
and two of nonresidues. 

We can now use cubic reciprocity to prove Euler’s conjecture for primes of the 
form x? + 27y?: 


Theorem 4,15. Let p be a prime. Then p = x? +2Ty’ if and only if p = 1 mod 3 and 
2 is a cubic residue modulo p. 


Proof. First, suppose that p = x? + 27y*. This clearly implies that p = 1 mod 3, so 
that we need only show that 2 is a cubic residue modulo p. Let 7 = x + 3\/—3y, 
so that p = 77 in Z[w]. It follows that 7 is prime, and then by (4.14), 2 is a cubic 
residue modulo p if and only if (2/7), = 1. However, both 2 and 7 = x+3/—3y 
are primary primes, so that cubic reciprocity implies 


a @),-@), 


It thus suffices to prove that (7 /2)3 = 1. However, from (4.10), we know that 


(4.17) (5) = rmod2 

2/3 
since (N(2) — 1)/3 = 1. So we need only show that 7 = 1 mod 2. Since /—3 = 
14+2w, 7 =x+3/—3y =x+3y+ byw, so that 7 =x+3y=x+y mod 2. But x and 
y must have opposite parity since p = x” +27y”, and we are done. 


B. Z[i] AND BIQUADRATIC RECIPROCITY 73 


Conversely, suppose that p = 1 mod 3 is prime and 2 is a cubic residue modulo 
p. We can write p as p = 77, and we can assume that 7 is a primary prime in Z|w]. 
This means that 7 = a+ 3bw for some integers a and b. Thus 


4p = 4n7 = 4(a” — 3ab + 9b’) = (2a — 3b)? + 278’. 


Once we show b is even, it will follow immediately that p is of the form x? + 27y’. 
We now can use our assumption that 2 is a cubic residue modulo p. From (4.14) 
we know that (2/7)3 = 1, and then cubic reciprocity (4.16) tells us that (7/2)3 = 1. 
But by (4.17), this implies 7 = 1 mod 2, which we can write as a+ 3bw = 1 mod 2. 
This easily implies that a is odd and b is even, and p = x* + 27y’ follows. The 
theorem is proved. Q.E.D. 


B. Z/ii] and Biquadratic Reciprocity 


Our treatment of biquadratic reciprocity will be brief since the basic ideas are similar 
to what we did for cubic residues (for a complete discussion, see Ireland and Rosen 
[59, §§9.7-9.9]). Here, the appropriate ring is the ring of Gaussian integers Z[i] as 
defined in (4.2). The norm function N(a + bi) = a? +b? makes Z[i] into a Euclidean 
ring, and hence Z[i| is also a PID and a UFD. The analogs of Lemma 4.5 and 4.6 
hold for Z/i], and it is easy to check that its units are + 1 and +i (see Exercise 4.16). 
The primes of Z[i] are described as follows: 


Proposition 4.18. Let p be a prime in Z. Then: 
(i) If p =2, then 1 +i is prime in Z[i] and 2 = (1 +i)’. 


(ii) If p = 1 mod 4, then there is a prime x € Z[i] such that p = 7% and the primes 
m and F are nonassociate in Z{i. 


(iii) If p =3 mod 4, then p remains prime in Z{i). 


Furthermore, every prime in Z|i] is associate to one of the primes listed in (i)—(iii) 
above. 


Proof. See Exercise 4.16. Q.E.D. 


We also have the following version of Fermat’s Little Theorem: if 7 is prime in 
Zi] and doesn’t divide a € Z{i], then 


(4.19) aN —-! = 1 mod r 


(see Exercise 4.16). 

These basic facts about the Gaussian integers appear in many elementary texts 
(e.g., Herstein {[54, §3.8]), but such books rarely mention that the whole reason Gauss 
introduced the Gaussian integers was so that he could state biquadratic reciprocity. 
We will have more to say about this later. 

We can now define the Legendre symbol (a/7)4. Given a prime 7 € Z[i] not asso- 
ciate to 1 +i, it can be proved that +1, +i are distinct modulo z and that 4 | N(7) — 1 
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(see Exercise 4.17). Then, for a not divisible by 7, the Legendre symbol (a/7)a is 
defined to be the unique fourth root of unity such that 


(4.20) eNO 1/4 = 6) mod 7. 
TH 4 
As in the cubic case, we see that 


(2) =1 <> x4 =amod 7 is solvable in Z[i], 
w/a 


and furthermore, the Legendre symbol gives a character from (Z[i]/7Z[i])* to C*, 
so that (Z[i]/mZJi])* is divided into four equal parts (see Exercise 4.18). When 
p =1 mod 4, we have p = x7 with (Z|i]/mZ[i])* ~ (Z/pZ)*, and the partition 
can be described as follows: one part consists of biquadratic residues (where the 
symbol equals 1), another consists of quadratic residues which aren’t biquadratic 
residues (where the symbol equals —1), and the final two parts consist of quadratic 
nonresidues (where the symbol equals +i)—see Exercise 4.19. 

A prime 7 of Z[i] is primary if 7 = 1 mod 2+ 2i. Any prime not associate to 1 +i 
has a unique associate which is primary (see Exercise 4.21). With this normalization, 
the law of biquadratic reciprocity can be stated as follows: 


Theorem 4.21. [fx and 6 are distinct primary primes in Z|i], then 


O\ _(% ((8)—1)(N(m)-1)/16 
~) =(3) (i) ; 
Ta 4 


Proof. See Ireland and Rosen [59, §9.9] or Smith [95, pp. 76-37]. Q.E.D. 


There are also supplementary laws which state that 


4) _ -e-np 
TS 


irs = j(a—-b-1—b*)/4 
uw /4 


where 7 = a+ bi is a primary prime. As in the cubic case, the first line of (4.22) is 
easy to prove (see Exercise 4.22), while the second is more difficult (see Ireland and 
Rosen [59, Exercises 32-37, p. 136]). 

We can now prove Euler’s conjecture about p = x? + 64y”: 


(4.22) 


Theorem 4.23. 


(i) If = a+ biis a primary prime in Zi), then 


2 a jab/2 
w)4 : 
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(ii) If p is prime, then p = x° + 64y° if and only if p = 1 mod 4 and 2 is a bi- 
quadratic residue modulo p. 


Proof. First note that (i) implies (i1). To see this, let p = 1 mod 4 be prime. We can 
write p = a? +b? = 7, where t = a+ bi is primary. Note that a is odd and b is 
even. Since Z/pZ ~ Z{i|/nZ{i], (i) shows that 2 is a biquadratic residue modulo p if 
and only if b is divisible by 8, and (ii) follows easily. 

One way to prove (i) is via the supplementary laws (4.22) since 2 = ?(1 +i)? 
(see Exercise 4.23). However, in 1857, Dirichlet found a proof of (i) that uses only 
quadratic reciprocity [27, Vol. II, pp. 261-262]. A version of this proof is given in 
Exercise 4.24 (see also Ireland and Rosen [59, Exercises 26-28, p. 64]). Q.E.D. 


C. Gauss and Higher Reciprocity 


Most of the above theorems were discovered by Gauss in the period 1805—1814, 
though the bulk of what he knew was never published. Only in 1828 and 1832, long 
after the research was completed, did Gauss publish his two memoirs on biquadratic 
residues [42, Vol. II, pp. 65-148] (see also [41, pp. 511-586, German editions] for 
a German translation). The first memoir treats the elementary theory of biquadratic 
residues of integers, and it includes a proof of Euler’s conjecture for x? + 64y’. In 
the second memoir. Gauss begins with a careful discussion of the Gaussian integers, 
and he explains their relevance to biquadratic reciprocity as follows [42, Vol. II, §30, 
p. 102]: 


the theorems on biquadratic residues gleam with the greatest simplicity and 
genuine beauty only when the field of arithmetic is extended to imaginary num- 
bers, so that without restriction, the numbers of the form a+ bi constitute the 
object [of study], where as usual i denotes /—1 and the indeterminates a,b de- 
note integral real numbers between —oco and +00. We will call such numbers 
integral complex numbers (numeros integros complexos) ... 


Gauss’ treatment of Z[i] includes most of what we did above, and in particular the 
terms norm, associate and primary are due to Gauss. 

Gauss’ statement of biquadratic reciprocity differs slightly from Theorem 4.21. 
In terms of the Legendre symbol, his version goes as follows: given distinct primary 
primes 7 and @ of Z/i], 


If either x or 6 is congruent to 1 modulo 4, then (77 /0)4 = (0/7)4. 
If both 7 and @ are congruent to 3 + 2i modulo 4, then (7/0@)4 = —(6/m)a. 


In Exercise 4.25 we will see that this is equivalent to Theorem 4.21. As might be 
expected, Gauss doesn’t use the Legendre symbol in his memoir. Rather, he defines 
the biquadratic character of a with respect to 7 to be the number \ € {0,1,2,3} 
satisfying a%(")—1)/4 = } mod x (so that (a/m)4 = i>), and he states biquadratic 
reciprocity using the biquadratic character. For Gauss, this theorem is “the Funda- 
mental Theorem of biquadratic residues” [42, Vol. II, §67, p. 138], but instead of 
giving a proof, Gauss comments that 


In spite of the great simplicity of this theorem, the proof belongs to the most 
hidden mysteries of higher arithmetic, and at least as things now stand, [the 
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proof] can be explained only by the most subtle investigations, which would 
greatly exceed the limits of the present memoir. 


Later on, we will have more to say about Gauss’ proof. 
In the second memoir, Gauss also makes his only published reference to cubic 
reciprocity [42, Vol. II, §30, p. 102]: 


The theory of cubic residues must be based in a similar way on a consideration 
of numbers of the form a+ bh, where h is an imaginary root of the equation 
h —1=0, say h = (—1+/—3)/2, and similarly the theory of residues of 
higher powers leads to the introduction of other imaginary quantities. 


So Gauss was clearly aware of the properties of Z[w], even if he never made them 
public. 

Turning to Gauss’ unpublished material, we find that one of the earliest fragments 
on higher reciprocity, dated around 1805, is the following “Beautiful Observation 
Made By Induction” [42, Vol. VII, pp. 5 and 11): 


2 is a cubic residue or nonresidue of a prime number p of the form 3n + 1, 
according to whether p is representable by the form xx + 27yy or 4xx+ 2xy + Tyy. 


This shows that Euler’s conjecture for x? + 27y* was one of Gauss’ starting points. 
And notice that Gauss was aware that he was separating forms in the same genus— 
the very problem we discussed in §3. 

Around the same time, Gauss also rediscovered Euler’s conjecture for x” + 64y? 
[42, Vol. X.1, p. 37]. But how did he come to make these conjectures? There are 
two aspects of Gauss’ work that bear on this question. The first has to do with 
quadratic forms. Let’s follow the treatment in Gauss’ first memoir on biquadratic 
residues [42, Vol. II, §§12-14, pp. 75-78]. Let p = 1 mod 4 be prime. If 2 is to 
be a biquadratic residue modulo p, it follows by quadratic reciprocity that p = 1 
mod 8 (see Exercise 4.26). By Fermat’s theorem for x? + 2y’, p can be written 
as p = a* + 2b’, and Gauss proves the lovely result that 2 is a biquadratic residue 
modulo p if and only if a = +1 mod 8 (see Exercise 4.27). This is nice, but Gauss 
isn’t satisfied: 


Since the decomposition of the number p into a single and double square is 
bound up so prominently with the classification of the number 2, it would be 
worth the effort to understand whether the decomposition into two squares, to 
which the number p is equally liable, perhaps promises a similar success. 


Gauss then computes some numerical examples, and they show that when p is written 
as a” + b’, 2 is a biquadratic residue exactly when b is divisible by 8. This could be 
how Gauss was led to the conjecture in the first place, and the same thing could have 
happened in the cubic case, where primes p = 1 mod 3 can be written as a” + 3b’. 
The cubic case most likely came first, for it turns out that Gauss describes a rela- 
tion between x? + 27y” and cubic residues in the last section of Disquisitiones. This 
is where Gauss discusses the cyclotomic equation x? — 1 = 0 and proves his cele- 
brated theorem on the constructibility of regular polygons. To see what this has to do 
with cubic residues, let’s describe a little of what he does. Given an odd prime p, let 
Gp = e?™'/P be a primitive pth root of unity, and let g be a primitive root modulo p, 
i.e., g is an integer such that [g] generates the cyclic group (Z/pZ)*. Now suppose 
that p-- 1= ef, and let » be an integer. Gauss then defines [41, §343] the period 
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(f,A) to be the sum 

f-1 

GAH Gr 

j=0 
These periods are the key to Gauss’ study of the cyclotomic field Q(G,): If we fix 
f, then the periods (f,1),(f,2),(f,87),--.,(f,g°') are the roots of an irreducible 
integer polynomial of degree e, so that these periods are primitive elements of the 
unique subfield Q C K C Q(¢,,) of degree e over Q. See Cox [A7, Section 9.2] for 
more on Gauss’ theory of periods. 

When p = 1 mod 3, we can write p — 1 = 3/f, and then the three above periods 

are (f,1), (f,g) and (f,g”). Gauss studies this case in [41, §358], and by analyzing 
the products of the periods, he deduces the amazing result that 


If 4p = a* + 27b* and a = 1 mod 3, then N = p+a—2, where 


(4.24) ; ; te 
N is the number of solutions modulo p of x — y = 1 mod p. 


To see how cubic residues enter into (4.24), note that VN = 9M +6, where M is the 
number of nonzero cubic residues which, when increased by one, remain a nonzero 
cubic residue (see Exercise 4.29). Gauss conjectured this result in October 1796 and 
proved it in July 1797 [42, Vol. X.1, entries 39 and 67, pp. 505-506 and 519]. So 
Gauss was aware of cubic residues and quadratic forms in 1796. Gauss’ proof of 
(4.24) is sketched in Exercise 4.29. 

Statement (4.24) is similar to the famous last entry in Gauss’ mathematical diary. 
In this entry, Gauss gives the following analog of (4.24) for the decomposition p = 
a’ +b’ of a prime p = 1 mod 4: 


If p =a’ +b? and a+ biis primary, then N = p—2a—3, where 
N is the number of solutions modulo p of x” + y? +.x*y? = 1 mod p 


(see [42, Vol. X.1, entry 146, pp. 571-572]). In general, the study of the solutions 
of equations modulo p leads to the zeta function of a variety over a finite field. 
For an introduction to this extremely rich topic, see Ireland and Rosen [59, Chapter 
11]. In §14 we will see how Gauss’ results relate to elliptic curves with complex 
multiplication. 

Going back to the cubic case, there is a footnote in [41, §358] which gives another 


interesting property of the periods (f,1), (f,g) and (f,g”): 
as el) alfa) +u*(92))? = plat bV=B)/2, 
: where 4p = a* + 27b’. 


The right-hand side is an integer in the ring Z|w], and one can show that 7 = (a+ 
b\/—27)/2 is a primary prime in Z[w] and that p = 77%. This is how Gauss first 
encountered Z[w] in connection with cubic residues. Notice also that if we set x(a) = 
(a/7)3 and pick the primitive root g so that y(g) = w, then 


p-1 
(4.26) (f,1) +w(f.8) +w°(f,87) = >> x(a)e. 
a=1 
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This is an example of what we now call a cubic Gauss sum. See Ireland and Rosen 
[59, §§8.2—-8.3] for the basic properties of Gauss sums and a modern treatment of 
(4.24) and (4.25). 

The above discussion shows that Gauss was aware of cubic residues and Z[w] 
when he made his “Beautiful Observation” of 1805, and it’s not surprising that two 
years later he was able to prove a version of cubic reciprocity [42, Vol. VIII, pp. 9- 
13]. The biquadratic case was harder, taking him until sometime around 1813 or 
1814 to find a complete proof. We know this from a letter Gauss wrote Dirichlet in 
1828, where Gauss mentions that he has possessed a proof of the “Main Theorem” 
for around 14 years [42, Vol. II, p. 516]. Exact dates are hard to come by, for most 
of the fragments Gauss left are undated, and it’s not easy to match them up with his 
diary entries. For a fuller discussion of Gauss’ work on biquadratic reciprocity, see 
Bachmann [42, Vol. X.2.1, pp. 52-60] or Rieger [84]. 

Gauss’ proofs of cubic and biquadratic reciprocity probably used Gauss sums 
similar to (4.26), and many modern proofs run along the same lines (see Ireland and 
Rosen [59, Chapter 9]). Gauss sums were first used in Gauss’ sixth proof of quadratic 
reciprocity (see [42, Vol. II, pp. 55-59] or [41, pp. 501-505, German editions]). This 
is no accident, for as Gauss explained in 1818: 


From 1805 onwards I have investigated the theory of cubic and biquadratic 
residues ... Theorems were found by induction ... which had a wonderful anal- 
ogy with the theorems for quadratic residues. On the other hand, for a long time 
all attempts at complete proofs have been futile. This was the motive for endeav- 
oring to add yet more proofs to those already known for quadratic residues, in 
the hope that of the many different methods given, one or the other would con- 
tribute to the illumination of the related arguments [for cubic and biquadratic- 
residues]. This hope was in no way in vain, for at last tireless labor has led to 
favorable success. Soon the fruit of this vigilance will be permitted to come to 
public light... 


(see [42, Vol. II, p. 50] or [41, p. 497, German editions]). The irony is that Gauss 
never did publish his proofs, and it was left to Eisenstein and Jacobi to give us the 
first complete treatments of cubic and biquadratic reciprocity (see Collinson [22] or 
Smith [95, pp. 76-92] for more on the history of these reciprocity theorems). 

We will conclude this section with some remarks about what happened after 
Gauss. Number theory was becoming a much larger area of mathematics, and the 
study of quadratic forms and reciprocity laws began to diverge. In the 1830s and 
1840s, Dirichlet introduced L-series and began the analytic study of quadratic forms, 
and simultaneously, Eisenstein and Jacobi worked out cubic and biquadratic reci- 
procity. Jacobi studied reciprocity for 5th, 8th and 12th powers, and Eisenstein 
proved octic reciprocity. Kummer was also studying higher reciprocity, and he 
introduced his “ideal numbers” to make up for the lack of unique factorization in 
Q(e?"/?), Both he and Eisenstein were able to prove generalized reciprocity laws 
using these “ideal numbers” (see Ireland and Rosen [59, Chapter 14] and Smith [95, 
pp. 93-126]). In 1871 Dedekind made the transition from “ideal numbers” to ideals 
in rings of algebraic integers, laying the foundation for modern algebraic number 
theory and class field theory. Lemmermeyer’s book [A15] contains a wealth of in- 
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formation about reciprocity in the nineteenth century. See also Chapter 8 of the book 
[A3] by Berndt, Evans and Williams. 

But reciprocity was not the only force leading to class field theory: there was also 
complex multiplication. Euler, Lagrange, Legendre and others studied transforma- 
tions of the elliptic integrals 


i d 
(—x)(1—kx)’ 


and they discovered that certain values of k, called singular moduli, gave elliptic 
integrals that could be transformed into complex multiples of themselves. This phe- 
nomenon came to be called complex multiplication. In working with complex mul- 
tiplication, Abel observed that singular moduli and the roots of the corresponding 
transformation equations have remarkable algebraic properties. In modern terms, 
they generate Abelian extensions of Q(./—n), i-e., Galois extensions of Q(./—n) 
whose Galois group is Abelian. These topics will be discussed in more detail in 
Chapter Three. 

Kronecker extended and completed Abel’s work on complex multiplication, and 
in so doing he made the amazing conjecture that every Abelian extension of Q(./—n) 
lies in one of the fields described above. Kronecker had earlier conjectured that every 
Abelian extension of Q lies in one of the cyclotomic fields Q(e?"/") (this is the 
famous Kronecker—-Weber Theorem, to be proved in §8). Abelian extensions may 
seem far removed from reciprocity theorems, but Kronecker also noticed relations 
between singular moduli and quadratic forms. For example, his results on complex 
multiplication by /—31 led to the following corollary which he was fond of quoting: 


(x3 — 10x)? + 31(x2 — 1)? =0 mod p 


_ 2 
pHxr+3ly — { has an integral solution 


(see [68, Vol. II, pp. 93 and 99-100, Vol. IV, pp. 123-129]). This is similar to what 
we just proved for x* + 27y and x? + 64y* using cubic and biquadratic reciprocity. 
So something interesting is going on here. 

We thus have two interrelated questions of interest: 


(i) Is there a general reciprocity law that subsumes the known ones? 


(ii) Is there a general method for describing all Abelian extensions of a number 
field? 


The crowning achievement of class field theory is that it solves both of these prob- 
lems simultaneously: an Abelian extension L of a number field K is classified in 
terms of data intrinsic to K, and the key ingredient linking L to this data is the Artin 
Reciprocity Theorem. Complete statements of the theorems of class field theory 
will be given in Chapter Two, and in Chapter Three we will explain how complex 
multiplication is related to the class field theory of imaginary quadratic fields. 

For a fuller account of the history of class field theory, see the article by W. and F. 
Ellison (32, §§III-IV] in Dieudonné’s Abrégé d’Histoire des Mathématiques 1700- 
1900. Weil has a nice discussion of reciprocity and cyclotomic fields in [105] and 
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[107], and Edwards describes Kummer’s “ideal numbers” in [31, Chapter 4]. See 
also Part I of Vladut’s book [A24] on Kronecker’s Jugentraum. 


D. Exercises 


4.1. 


4.2. 


4.3. 


4.4. 


4.5. 
4.6. 


4.7. 


4.8. 
4.9. 


Prove that Z[w] and Z[i] are subrings of the complex numbers and are closed 
under complex conjugation. 


Let Q(w) = {r+sw :r,s € Q}, and define the norm of r + sw to be N(r+ sw) = 
(r+sw)(r+ sw). 

(a) Show that N(r+sw) = r’—rs+s?. 

(b) Show that N(uv) = N(u)N(v) for u,v € Q(w). 
It is well-known that R = C[x,y] is a UFD (see Herstein [54, Corollary 2 to 


Theorem 3.11.1]). Prove that J = {f(x,y) € R: f(0,0) = 0} is an ideal of R 
which is not principal, so that R is not a PID. Hint: x,y € J. 


Given a nonunit a 4 0 in a PID R, prove that a is irreducible — > a is prime 
<=> aR isa prime ideal — > aR is a maximal ideal. 


Prove Lemma 4.5. Hint for (ii): use (i) and (2.4). 


While Z|w] is a PID and a UFD, this exercise will show that the closely related 
ring Z[/—3] has neither property. 
(a) Show that +1 are the only units of Z[./—3]. 


(b) Show that 2, 1 +./—3 and 1 — /—3 are nonassociate and irreducible in 
Z|V—3]. Since 4 = 2-2 = (1+ V—3)(1 — V—3), these elements are not 
prime and thus Z[/—3] is not a UFD. 

(c) Show that the ideal in Z[,/—3] generated by 2 and 1 + /—3 is not prin- 
cipal. Thus Z[./—3] is not a PID. 


This exercise is concerned with the proof of Proposition 4.7. Let p be a prime 
number. 


(a) When p = | mod 3, we showed that p = 17 where 7 and 7 are prime in 
Z|w]. Prove that 7 and 7 are nonassociate in Z[w]. 


(b) When p = 2 mod 3, prove that p is prime in Z[w]. Hint: show that p 
is irreducible. Note that by Lemma 2.5, the equation p = N(q) has no 
solutions. 


Complete the proof of Lemma 4.8. 
Let x be a prime of Z[w] not associate to 1 — w. 


(a) Show that 3 | N(7)—1. 
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(b) If two of 1,w,w* are congruent modulo 7, then show that 1 = w mod 7, 
and explain why this contradicts our assumption on 7. This proves that 
1, w and w are distinct modulo z. 


4.10. Let 7 be prime in Z[w], and let a, 8 € Z[{w] be not divisible by 7. Verify the 
following properties of the Legendre symbol. 


(a) (a8/m)3 = (a/7)3(8/7)3. 
(b) (a/7)3 = (6/m)3 when a = 6 mod 7. 
4.11. Let 7 be prime in Z[w]. Assuming that (Z[w]/7Z[w])* is cyclic, prove (4.11). 


4.12. Let 7 be a prime of Z{w] which is not associate to 1 — w. Prove that exactly 
two of the six associates of 7 are primary. 


4.13. Prove the top line of (4.13). 


4.14. Use the hints in the text to prove that the congruence x° = a mod p is always 
solvable when p is a prime congruent to 2 modulo 3. 


4.15. In this problem we will give an application of cubic reciprocity which is similar 
to Theorem 4.15. Let p = 1 mod 3 be a prime. 


(a) Use the proof of Theorem 4.15 to show that 4p can be written in the form 
Ap =a? + 27b’, where a = 1 mod 3. Conclude that 7 = (a+ 3\/—3b)/2 
is a primary prime of Z[{w] and that p = 77. 


(b) Show that the supplementary laws (4.13) can be written 


(2) = yrlat2)/3 
T/3 


(=) — yylat2)/3+b 
Me f3 


where 7 is as in part (a). 
(c) Use (b) to show that (3/77)3 = w”?. 
(d) Use (c) and (4.14) to prove that for a prime p, 


7 5 p=1mod3 and 3isa 
4p ax +243y' <=> { cubic residue modulo p 


Euler conjectured the result of (d) (in a slightly different form) in his Tractatus 
(33, Vol. V, pp. XXII and 250}. 


4.16. In this exercise we will discuss the properties of the Gaussian integers Z[i]. 


(a) Use the norm function to prove that Z[i] is Euclidean. 
(b) Prove the analogs of Lemmas 4.5 and 4.6 for Z[i]. 


82 


4.17. 


4.18. 


4.19 


4.20. 


4.21. 


4.22. 


4.23. 
4.24. 
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(c) Prove Proposition 4.18. 
(d) Formulate and prove the analog of Lemma 4.8 for Z/i]. 
(e) Prove (4.19). 


If x is a prime of Z/i] not associate to 1+ i, show that 4 | N(7) — 1 and that +1 
and +i are all distinct modulo z. 


This exercise is devoted to the properties of the Legendre symbol (a/7)a, 
where 7 is prime in Z/i] and a is not divisible by 7. 


(a) Show that a((")—!)/4 is congruent to a unique fourth root of unity mod- 
ulo 7. This shows that the Legendre symbol, as given in (4.20), is well- 
defined. Hint: use Exercise 4.17. 


(b) Prove that the analogs of the properties given in Exercise 4.10 hold for 
(a/m)4. 


(c) Prove that 


(2) =1 <> x+=amod7 _ is solvable in Z[i]. 
TH 


In this exercise we will study the integer congruence x* = 


p = 1 mod 4 is prime and a is an integer not divisible by p. 


a mod p, where 


(a) Write p = 17 in Z[i]. Then use (4.20) to show that (a/ m4” = (a/p), and 
conclude that (a/7)4 = +1 if and only if (a/p) = 1. 


(b) Verify the partition of (Z/pZ)* described in the discussion following 
(4.20). 


Here we will study the congruence x* = a mod p when p = 3 mod 4 is prime 
and a is an integer not divisible by p. 


(a) Use (4.20) to show that (a/p)4 = 1. Thus a is a fourth power modulo p 
in the ring Z[i]. 
(b) Show that a is the biquadratic residue of an integer modulo p if and only 


if (a/p) = 1. Hint: study the maps ¢;(x) = x on an Abelian group of 
order 2m, m odd. 


If a prime 7 of Z[i] is not associate to 1 +i, then show that a unique associate 
of 7 is primary. 


Prove the top formula of (4.22). 
Use the supplementary laws (4.22) to prove part (1) of Theorem 4.23. 


Let p = 1 mod 4 be prime, and write p = a +b’, where a is odd and b is 
even. The goal of this exercise is to present Dirichlet’s elementary proof that 
(2/m)4 =i%/?, where = a+ bi. 
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(a) Use quadratic reciprocity for the Jacobi symbol to prove that (a/p) = 1. 
(b) Use 2p = (a +b)* + (a — b)? and quadratic reciprocity to show that 


(c) Use (b) and (4.20) to show that 
(5)-(@)* 
Pp T/4 
Hint: —1 = i”. 


(d) From (a+b)* = 2ab mod p, deduce that 
(i) (a+b)@-Y/2 = (2ab)°-)/4 mod p. 
(ii) (a+b/p) = (2ab/m)a. 
(e) Show that 2ab = 2a7i mod 7, and then use (a) and Exercise 4.19 to show 


that 
2ab _ 2i 
wT J4 Nar < 


(f) Combine (c), (d) and (e) to show that (2/7)4 = i%/?. 


4.25. In this exercise we will study Gauss’ statement of biquadratic reciprocity. 
(a) If x is a primary prime of Z[i], then show that either 7 = 1 mod 4 or 
nm =3+42imod 4. 


(b) Let a and 6 be distinct primary primes in Z[i]. Show that biquadratic 
reciprocity is equivalent to the following two statements: 


If either 7 or 0 is congruent to 1 modulo 4, then (7/6)4 = (0/m)a. 
If x and @ are both congruent to 3 + 2i modulo 4, then (7 /0)4 = —(0/7)4. 


This is how Gauss states biquadratic reciprocity in [42, Vol. II, §67, 
p. 138]. 


4.26. If 2 is a biquadratic residue modulo an odd prime p, prove that p = +1 mod 8. 


4.27. In this exercise, we will present Gauss’ proof that for a prime p = 1 mod 8, the 
biquadratic character of 2 is determined by the decomposition p = a? + 2b’. 
As usual, we write p = 17 in Z/i]. 


(a) Show that (—1/7)4 = 1 when p = 1 mod 8. 
(b) Use the properties of the Jacobi symbol to show that 


(¢) = (=F DA, 
Pp 
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(c) Use the Jacobi symbol to show that (b/p) = 1. Hint: write b = 2c, ¢ 
odd, and first show that (c/p) = 1. 


(d) Show that 
2 _ (= 
u ie nm /4 


Hint: use Exercise 4.19. 


II 
, eS 
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Combining (c) and (d), we see that (2/74) = (-1)@-D/8, and Gauss’ claim 
follows. If you read Gauss’ original argument [42, Vol. IT, §13], you'll appre- 
ciate how much the Jacobi symbol simplifies things. 


4.28. Let (f,) and (f, 1) be periods, and write (f, 2) = ¢#! +---+¢4/. Then prove 
that 


f 
(fA): (fn) = SOF At Hy). 


j=! 


4.29. Let p = 1 mod 3 be prime, and set p— 1 = 3f. Let (f,1), (f,g) and (f,g) 
be the periods as in the text. Recall that g is a primitive root modulo p. In 
this problem we will describe Gauss’ proof of (4.24) (see [41, §358]). For i, 
J € {0, 1,2}, let (i) be the number of pairs (m,n), 0 < m,n < f — 1, such that 


1493"! = "+/ mod p. 
(a) Show that the number of solutions modulo p of the equation x* — y> = 1 
mod p is N = 9(00) +6. 
(b) Use Exercise 4.28 to show that 


(f.1)-(f,1) =f + (00)(F,1) + (01)(F,8) + (02)(f,8”) 
(f,1)-(f,8) = (10)(f,1) + (11)(f,8) + (12)(f,.87) 
and conclude that (00) + (01) + (02) = f—1 and (10)+ (11) + (12) =f. 
Hint: (f,0) = f and —1 = (-1)>. 


(c) Show that (10) = (22), (11) = (20) and (12) = (21). Hint: expand (f, g)- 
(f,1) and compare it to what you got in (b). 


(d) Arguing as in (c), show that the 9 quantities (ij) reduce to three: 
a@ = (12) = (21) = (00)+1 
B = (01) = (10) = (22) 
-y = (02) = (20) = (11). 


(e) Note that (f,1)-(f,g)-(f,g7) is an integer. By expanding this quantity 
in terms of a, 8 and +, show that 


+8 +7-a=a8+hy+ay. 
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(f) Using (e), show that 
(6a—38 —3y—2)*+27(B—7)* = 12(a+ B+) +4. 


(g) Recall thata+ 6+ y= f (this was proved in (b)) and that p—1=3/f. 
Then use (f) to show that 


4p =a* +27b’, 


where a = 6a — 36 —3y—2andb=£B—y¥. 
(h) Let a be as in (g). Show that 


a=9a—-3(a+8+7)—2=9a-p-1. 
Then use a = (00) + I and (a) to conclude that 
a=N-—p+2. 
This proves (4.24). 
In his first memoir on biquadratic residues [42, Vol. II, §§15—20, pp. 78-89], Gauss 


used a biquadratic analog of the (ij)’s (without any mention of periods) to determine 
the biquadratic character of 2. 


CHAPTER TWO 


CLASS FIELD THEORY 


§5. THE HILBERT CLASS FIELD AND p = x? + ny” 


In Chapter One, we used elementary techniques to study the primes represented by 
x’ +ny’, n > 0. Genus theory told us when p = x* + ny’ for a large but finite number 
of n’s, and cubic and biquadratic reciprocity enabled us to treat two cases where 
genus theory failed. These methods are lovely but limited in scope. To solve p = 
x’ + ny” when n > 0 is arbitrary, we will need class field theory, and this is the main 
task of Chapter Two. But rather than go directly to the general theorems of class field 
theory, in §5 we will first study the special case of the Hilbert class field. Theorem 5.1 
below will use Artin reciprocity for the Hilbert class field to solve our problem for 
infinitely many (but not all) n > 0. We will then study the case p = x* + 14y? in 
detail. This is a case where our previous methods failed, but once we determine the 
Hilbert class field of Q(./-14), Theorem 5.1 will immediately give us a criterion 
for when p = x? + 14y?. 

The central notion of this section is the Hilbert class field of a number field K. We 
do not assume any previous acquaintance with this topic, for one of our goals is to 
introduce the reader to this more accessible part of class field theory. To see what 
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the Hilbert class field has to do with the problem of representing primes by x” + ny’, 
let’s state the main theorem we intend to prove: 


Theorem 5.1. Let n > 0 be an integer satisfying the following condition: 
(5.2) n squarefree, n #3 mod 4. 


Then there is a monic irreducible polynomial f,(x) © Z|x] of degree h(—4n) such 
that if an odd prime p divides neither n nor the discriminant of f,(x), then 


tue (—n/p) = 1 and fy(x) = 0 mod p 
PSE Sat { has an integer solution. 
Furthermore, f,(x) may be taken to be the minimal polynomial of a real algebraic 
integer a for which L = K(q) is the Hilbert class field of K = Q(./—n). 


While (5.2) does not give all integers n > 0, it gives infinitely many, so that Theo- 
rem 5.1 represents some real progress. In §9 we will use the full power of class field 
theory to prove a version of Theorem 5.1 that holds for all positive integers n. 


A. Number Fields 


We will review some basic facts from algebraic number theory, including Dedekind 
domains, factorization of ideals, and ramification. Most of the proofs will be omit- 
ted, though references will be given. Readers looking for a more complete treatment 
should consult Borevich and Shafarevich [8], Lang [72] or Marcus [77]. For an espe- 
cially compact presentation of this material, see Ireland and Rosen [59, Chapter 12]. 

To begin, we define a number field K to be a subfield of the complex numbers C 
which has finite degree over Q. The degree of K over Q is denoted [K : Q]. Given 
such a field K, we let Ox denote the algebraic integers of K, i.e., the set of alla € K 
which are roots of a monic integer polynomial. The basic structure of Ox is given in 
the following proposition: 


Proposition 5.3. Let K be a number field. 
(i) Ox is a subring of C whose field of fractions is K. 
(ii) Ox is a free Z-module of rank |K : Q|. 


Proof. See Borevich and Shafarevich [8, §2.2] or Marcus [77, Corollaries to Theo- 
rems 2 and 9]. Q.E.D. 


We will often call Ox the ring of integers of K. To begin our study of Ox, we note 
that part (ii) of Proposition 5.3 has the following useful consequence concerning the 
ideals of Ox: 


Corollary 5.4. If K is a number field and a is a nonzero ideal of Ox, then the quotient 
ring Ox /a is finite. 
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Proof. See Exercise 5.1. Q.E.D. 


Given a nonzero ideal a of the ring Ox, its norm is defined to be N(a) = |Ox/al. 
Corollary 5.4 guarantees that (a) is finite. 

When we studied the rings Z[w] and Z[i] in §4, we used the fact that they were 
unique factorization domains. In general, the rings Ox are not UFDs, but they have 
another property which is almost as good: they are Dedekind domains. This means 
the following: 


Theorem 5.5. Let Ox be the ring of integers in a number field K. Then Ox is a 
Dedekind domain, which means that 


(i) Ox is integrally closed in K, i.e., if a € K satisfies a monic polynomial with 
coefficients in Ox, then a € Ox. 


(ii) Ox is Noetherian, i.e., given any chain of ideals a, C a2 C ---, there is an 
integer n such that dy = Qn41) =-°°. 


(iii) Every nonzero prime ideal of Ox is maximal. 


Proof. The proof of (i) follows easily from the properties of algebraic integers (see 
Lang [72, §1.2] or Marcus [77, Exercise 4 to Chapter 2}), while (ii) and (iii) are 
straightforward consequences of Corollary 5.4 (see Exercise 5.1). Q.E.D. 


The most important property of a Dedekind domain is that it has unique factor- 
ization at the level of ideals. More precisely: 


Corollary 5.6. [f K is a number field, then any nonzero ideal a in Ox can be written 
as a product 


a=py--p, 


of prime ideals, and the decomposition is unique up to order. Furthermore, the p;’s 
are exactly the prime ideals of Ox containing a. 


Proof. This corollary holds for any Dedekind domain. For a proof, see Lang [72, 
§1.6] or Marcus [77, Chapter 3, Theorem 16]. In Ireland and Rosen [59, §12.2] there 
is a nice proof (due to Hurwitz) that is special to the number field case. Q.E.D. 


Prime ideals play an especially important role in algebraic number theory. We will 
often say “prime” rather than “nonzero prime ideal,” and the terms “prime of K” and 
“nonzero prime ideal of Ox” will be used interchangeably. Notice that when p is a 
prime of K, the quotient ring Ox/p is a finite field by Corollary 5.4 and Theorem 5.5. 
This field is called the residue field of p. 

Besides ideals of Ox, we will also use fractional ideals, which are the nonzero 
finitely generated Ox-submodules of K. The name “fractional ideal” comes from the 
fact that such an ideal can be written in the form aa, where a € K and a is an ideal 
of Ox (see Exercise 5.2). Readers unfamiliar with fractional ideals should consult 
Marcus [77, Exercise 31 of Chapter 3]. The basic properties of fractional ideals are: 
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Proposition 5.7. Let a be a fractional Ox-ideal. 


(i) a is invertible, i.e., there is a fractional Ox-ideal 6 such that ab = Ox. The 
ideal b will be denoted a7. 


(ii) a can be written uniquely as a product a= | ieee p;', 7: € Z, where the p;'s are 
distinct prime ideals of Ox. 


Proof. See Lang [72, §1.6] or Marcus [77, Exercise 31 of Chapter 3]. Q.E.D. 


We will let [x denote the set of all fractional ideals of K. Then J is closed under 
multiplication of ideals (see Exercise 5.2), and part (i) of Proposition 5.7 shows that 
Ix is a group. The most important subgroup of /x is the subgroup Px of principal 
fractional ideals, i.e., those of the form aOx for some a € K*. The quotient Ix /Px 
is the ideal class group and is denoted by C(Ox). A basic fact is that C(Ox) is a 
finite group (see Borevich and Shafarevich [8, §3.7] or Marcus (77, Corollary 2 to 
Theorem 35]). In the case of imaginary quadratic fields, we will see in Theorem 5.30 
that the ideal class group is closely related to the form class group defined in §3. 

We will next introduce the idea of ramification, which is concerned with the be- 
havior of primes in finite extensions. Suppose that K is a number field, and let L be 
a finite extension of K. If p is a prime ideal of Ox, then pQ, is an ideal of O,, and 
hence has a prime factorization 


pO, = ‘y . Be 


where the B;’s are the distinct primes of L containing p. The integer e;, also written 
€s3,\p, 18 called the ramification index of p in $B;. Each prime 5; containing p also 
gives a residue field extension Ox/p C O,/B;, and its degree, written f; or fap,|p, is 
the inertial degree of p in §B;. The basic relation between the e;’s and f;’s is given by 


Theorem 5.8. Let K C L be number fields, and let p be a prime of K. If e; (resp. fi), 
i=1,...,g are the ramification indices (resp. inertial degrees) defined above, then 


& 
> efi = [E: Ki). 
i=} 


Proof. See Borevich and Shafarevich [8, §3.5] or Marcus [77, Theorem 21]. Q.E.D. 


In the situation of Theorem 5.8, we say that a prime p of K ramifies in L if any 
of the ramification indices e; are greater than 1. It can be proved that only a finite 
number of primes of K ramify in L (see Lang [72, §III.2] or Marcus [77, Corollary 3 
to Theorem 24]). 

Most of the extensions K C L we will deal with will be Galois extensions, and in 
this case the above description can be simplified as follows: 


Theorem 5.9. Let K C L be a Galois extension, and let p be prime in K. 


(i) The Galois group Gal{L/K) acts transitively on the primes of L containing p, 
ie, if Y and Y’ are primes of L containing p, then there is 0 € Gal(L/K) such 


that o ($B) = ’. 
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(ii) The primes B,,...,5B8, of L containing p all have the same ramification index 
e and the same inertial degree f, and the formula of Theorem 5.8 becomes 


efg=([L: K}. 


Proof. For a proof of (i), see Lang [72, §1.7] or Marcus [77, Theorem 23]. The proof 
of (ii) follows easily from (i) and is left to the reader (see Exercise 5.3). Q.E.D. 


Given a Galois extension K C L, an ideal p of K ramifies if e > 1, and is unramified 
if e= 1. If p satisfies the stronger condition e = f = 1, we say that p splits completely 
in L. Such a prime is unramified, and in addition pO, is the product of [L : K] distinct 
primes, the maximum number allowed by Theorem 5.9. In §8 we will show that L is 
determined uniquely by the primes of K that split completely in L. 

We will also need some facts concerning decomposition and inertia groups. Let 
K CL be Galois, and let 8 be a prime of L. Then the decomposition group and 
inertia group of B are defined by 


Dey = {o € Gal(L/K) : o(B) = PB} 
Ing = {0 € Gal(L/K) : o(a) =a mod ¥ for alla € O;}. 
It is easy to show that Jy; C Dg and that an element o € Ds induces an automorphism 
& of O,/% which is the identity on Ox/p, p = BM Ox (see Exercise 5.4). If G 
denotes the Galois group of Ox/p C O,/%, it follows that ¢ € G. Thus the map 


a ++ 6 defines a homomorphism Dy > G whose kernel is exactly the inertia group 
kg (see Exercise 5.4). Then we have: 


Proposition 5.10. Let Dsp, Iy3 and G be as above. 
(i) The homomorphism Dx > G is surjective. Thus Dry / Isp = G. 
(it) [Isp | = eB |p and |Dop| = ep pS p|p- 
Proof. See Lang [72, $1.7] or Marcus [77, Theorem 28]. Q.E.D. 


The following proposition will help us decide when a prime is unramified or split 
completely in a Galois extension: 


Proposition 5.11. Let K C L be a Galois extension, where L = K(a) for some a € 
O,. Let f(x) be the monic minimal polynomial of a over K, so that f(x) € Ox|x]. If 
p is prime in Ox and f(x) is separable modulo p, then 


(i) p is unramified in L. 


(ii) If f(x) = fi(x)-:: fe(x) mod p, where the f;(x) are distinct and irreducible 
modulo p, then B; = pO, + f;(a)Oz is a prime ideal of O,, PB; AB; for iF j, 


and 


pOl = Bi --- Pe. 
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Furthermore, the f;(x) all have the same degree, which is equal to the inertial 
degree f. 


(iii) p splits completely in L if and only if f (x) =0 mod p has a solution in Ox. 


Proof. Note that (i) and (iii) are immediate consequences of (ii) (see Exercise 5.5). 
To prove (ii), note that f(x) separable modulo p implies that 


F(x) =filx)--: f(x) mod p, 


where the f;(x) are distinct and irreducible modulo p. The fact that the above 
congruence governs the splitting of p in OQ, is a general fact that holds for arbitrary 
finite extensions (see Marcus [77, Theorem 27]). However, the decomposition group 
from Proposition 5.10 makes the proof in the Galois case especially easy. You will 
work this out in Exercise 5.6. Q.E.D. 


B. Quadratic Fields 


To better understand the theory just sketched, let’s apply it to the case of quadratic 
number fields. Such a field can be written uniquely in the form K = Q(/N), where 
N £0, 1 is a squarefree integer. The basic invariant of K is its discriminant dx, which 
is defined to be 


(5.12) a= {4 if N =1mod4 


4N otherwise. 


Note that dx = 0,1 mod 4 and K = Q(\/dx), so that a quadratic field is determined 
by its discriminant. 

The next step is to describe the integers Ox of K. Writing K = Q(./N), N square- 
free, one can show that 


Z[VN| N #1 mod4 
(5.13) Ox = 2(/o" 


5 | N=1mod4 


(see Exercise 5.7 or Marcus [77, Corollary 2 to Theorem 1]). Hence the rings Z[w] 
and Z/i] from §4 are the full rings of integers in their respective fields. Using the 
discriminant, this description of Ox may be written more elegantly as follows: 


(5.14) Ox=Z a 


(see Exercise 5.7). 

We can now explain the restriction (5.2) made on n in Theorem 5.1. Namely, 
given n > 0, let K be the imaginary quadratic field Q(,/—n). Then (5.12) and (5.13) 
imply that 


(5.15) dg =—4n => Ox =Z[|V—n| <=> nsatisfies (5.2) 
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(see Exercise 5.8). Thus the condition (5.2) on n is equivalent to Z[,/—n] being the 
full ring of integers in K. For other n’s, we will see in §7 that Z[,/—n] is no longer a 
Dedekind domain but still has a lot of interesting structure. 

We next want to discuss the arithmetic of a quadratic field K. As in §4, this means 
describing units and primes, the difference being that “prime” now means “prime 
ideal”, Let’s first consider units. Quadratic fields come in two flavors, real (dx > 0) 
and imaginary (dx < 0), and the units Of behave quite differently in the two cases. 
In the imaginary case, there are only finitely many units. In §4 we computed OF 
for K = Q(/—3) or Q(i), and for all other imaginary quadratic fields it turns out 
that O% = {+1} (see Exercise 5.9). On the other hand, real quadratic fields always 
have infinitely many units, and determining them is related to Pell’s equation and 
continued fractions (see Borevich and Shafarevich [8, §2.7]). 

Before describing the primes of Ox, we will need one useful bit of notation: if 
D=0,1 mod 4, then the Kronecker symbol (D/2) is defined by 


D 0 if D=0 mod 4 
(3)- 1 if D=1mod8& 


-l if D=5 mod 8. 


We will most often apply this when D = dx is the discriminant of a quadratic field 
K. The following proposition tells us about the primes of quadratic fields: 


Proposition 5.16. Let K be a quadratic field of discriminant dx, and let the nontriv- 
ial automorphism of K be denoted a> a’. Let p be prime in Z. 


(i) If (dx/p) =0 (i.e, p | dx), then pOx = p? for some prime ideal p of Ox. 
(ii) If (dx /p) = 1, then pOx = pp’, where p # p’ are prime in Ox. 
(iii) If (dx/p) = —1, then pOx is prime in Ox. 
Furthermore, the primes in (i)-(iii) above give all nonzero primes of Ox. 


Proof. To prove (i), suppose that p is an odd prime dividing dx, and let p be the ideal 


p= pOx+ VdxOx. 


Squaring, one obtains 


p? = p’Ox + pV dxOx +dxOx. 


However, dx is squarefree (except for a possible factor of 4) and p is an odd divisor, 
so that gcd(p,dx) = p. It follows easily that p? = pOx, and then the relation efg = 
[K : Q] =2 from Theorem 5.9 implies that p is a prime ideal. The case when p = 2 
is similar and is left as part of Exercise 5.10. 

Let’s next prove (ii) and (iii) for an odd prime p not dividing dx. The key tool 
will be Proposition 5.11. Note that f(x) = x* — dx is the minimal polynomial of the 
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primitive element //dx of K over Q, and since p{dx, f(x) is separable modulo p. 
Then Proposition 5.11 shows that p is unramified in K. 

If (dx/p) = 1, then the congruence x* = dx mod p has a solution, and conse- 
quently p splits completely in K by part (iii) of Proposition 5.11, i.e., pOx = pi po 
distinct primes p, and p2 of Ox. Since Gal(K /Q) acts transitively on the primes of K 
containing p (Theorem 5.9), we must have p,’ = pz, and it follows that pOx factors 
as claimed. If (dx /p) = —1, then f(x) = x* — dg is irreducible modulo p, and hence 
by part (ii) of Proposition 5.11, pOx is prime in K. 

The proof of (ii) and (iii) for p = 2 is similar and is left as an exercise (see Ex- 
ercise 5.10). It remains to prove that the prime ideals listed so far are all nonzero 
primes in Ox. The argument is analogous to what we did in Proposition 4.7, and the 
details are left to the reader (see Exercise 5.10). Q.E.D. 


From this proposition, we get the following immediate corollary which tells us 
how primes of Z behave in a quadratic extension: 


Corollary 5.17. Let K be a quadratic field of discriminant dx, and let p be an integer 
prime. Then: 


(i) p ramifies in K if and only if p divides dx. 


(ii) p splits completely in K if and only if (dx/p) = 1. Q.E.D. 


C. The Hilbert Class Field 


The Hilbert class field of a number field K is defined in terms of the unramified 
Abelian extensions of K. To see what these terms mean, we begin with the “Abelian” 
part. This is easy, for an extension K C L is Abelian if it is Galois and Gal(L/K) is 
an Abelian group. But we aren’t quite ready to define “unramified,” for we first need 
to discuss the ramification of infinite primes. 

Prime ideals of Ox are often called finite primes to distinguish them from the 
infinite primes, which are determined by the embeddings of K into C. A real infinite 
prime is an embedding a : K — R, while a complex infinite prime is a pair of complex 
conjugate embeddings 0,0: K + C, o #0. Given an extension K C L, an infinite 
prime o of K ramifies in L provided that c is real but it has an extension to L which is 
complex. For example, the infinite prime of Q is unramified in Q(Vv2) but ramified 
in Q(V—2). 

An extension K C L is unramified if it is unramified at all primes, finite or infinite. 
While this is a very strong restriction, it can happen that a given field has unramified 
extensions of arbitrarily high degree (an example is K = Q(/—2-3-5-7-11-13), 
a consequence of the work of Golod and Shafarevich on class field towers—see 
Roquette [85]). But if we ask for unramified Abelian extensions, a much nicer picture 
emerges. In §8 we will use class field theory to prove the following result: 


Theorem 5.18. Given a number field K, there is a finite Galois extension L of K 
such that: 
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(i) L is an unramified Abelian extension of K. 
(ii) Any unramified Abelian extension of K lies in L. Q.E.D. 


The field L of Theorem 5.18 is called the Hilbert class field of K. It is the maximal 
unramified Abelian extension of K and is clearly unique. 

To unlock the full power of the Hilbert class field L of K, we will use the Artin 
symbol to link L to the ideal structure of Ox. The following lemma is needed to 
define the Artin symbol: 


Lemma 5.19. Let K C L be a Galois extension, and let p be a prime of Ox which is 
unramified in L. If 3B is a prime of Oy containing p, then there is a unique element 
o € Gal(L/K) such that for all a € Ox, 


o(a) = aN) mod ¥, 
where N(p) = |Ox/p| is the norm of p. 


Proof. As in Proposition 5.10, let Dss and Jy; be the decomposition and inertia 
groups of $B. Recall that o € Ds; induces an element ¢ € G, where G is the Galois 
group of O,/%8 over Ox/p. Since p is unramified in L, part (ii) of Proposition 5.10 
tells us that |/q3| = esgjp = 1, and then the first part of the proposition implies that 
a+ 6 defines an isomorphism a 

Dy —> G. 
The structure of the Galois group G is well known: if Ox/p has q elements, then 
Gisa cyclic group with canonical generator given by the Frobenius automorphism 
xt+ x? (see Hasse (50, pp. 40-41]). Thus there is a unique a € Dy which maps to the 
Frobenius element. Since g = N(p) by definition, o satisfies our desired condition 


o(a) =a") mod PB for all a € Oz. 


To prove uniqueness, note that any o satisfying this condition must lie in Dy, and 
then we are done. Q.E.D. 


The unique element o of Lemma 5.19 is called the Artin symbol and is denoted 
((L/K)/38) since it depends on the prime ¥ of L. Its crucial property is that for any 
a € O,, we have 


(5.20) (= ) (a) = a") mod ¥, 


where p = $M Ox. The Artin symbol ((L/K)/%8) has the following useful proper- 
ties: 


Corollary 5.21. Let K C L be a Galois extension, and let p be an unramified prime 
of K. Given a prime $8 of L containing p, we have: 


(i) Ifo € Gal(L/K), then 
(sian) -° (eo 
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(ii) The order of ((L/K)/B) is the inertial degree f = frp}p. 
(iii) p splits completely in L if and only if ((L/K)/9B) = 1. 


Proof. The proof of (i) is a direct consequence of the uniqueness of the Artin symbol. 
The details are left to the reader (see Exercise 5.12). 

To prove (ii), recall from the proof of Lemma 5.19 that since p is unramified, the 
decomposition group Dg is isomorphic to the Galois group of the finite extension 
Ox/p Cc O/B whose degree is the inertial degree f. By definition, the Artin symbol 
maps to a generator of the Galois group, so that the Artin symbol has order f as 
desired. 

To prove (iii), recall that p splits completely in L if and only if e = f = 1. Since 
we’re already assuming that e = 1, (ili) follows immediately from (ii). Q.E.D. 


When K ¢ Lis an Abelian extension, the Artin symbol ((L/K)/38) depends only 
on the underlying prime p = 8M Ox. To see this, let be $B’ be another prime con- 
taining p. We’ve seen that 8’ = o (8) for some o € Gal(L/K). Then Corollary 5.21 


implies that 
(Gr) = (cen) =° Far "= 


since Gal(L/K) is Abelian. It follows that whenever K C L is Abelian, the Artin 
symbol can be written as ((L/K)/p). 

To see the relevance of the Artin symbol to reciprocity, let’s work out an example. 
Let K = Q(V—3) and L = K(1/2). Since Ox is the ring Z[w] of §4, it’s a PID, and 
consequently a prime ideal p can be written as 7Z[w], where 7 is prime in Z|w]. If 7 
doesn’t divide 6, it follows from Proposition 5.11 that 7 is unramified in L (see part 
(a) of Exercise 5.14). Since Gal(L/K) ~ Z/3Z is Abelian, we see that ((L/K)/7) 
is defined. To determine which automorphism it is, we need only evaluate it on /2. 
The answer is very nice: 


(5.22) (==) (v2) = (5) 


T us 


So the Artin symbol generalizes the Legendre symbol! To prove this, let $8 be a 
prime of ©; containing 7. Then, by (5.20), 


(=) (v2) = a" node 
= 2M(™)—-D/3./2 mod P. 


However, we know from (4.10) that 


2A = (=) mod 7, 
THs 
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and then 7 € $B implies 
L/K\ ;yzy _ [2\ 3 
(4) (72) = (2) v2 moa x. 


Since ((L/K)/7)(x/2) equals ¥/2 times a cube root of unity (which are distinct mod- 
ulo 8—see part (a) of Exercise 5.13), (5.22) is proved. In Exercise 5.14, we will 
generalize (5.22) to the case of the nth power Legendre symbol. 

When K Cc L is an unramified Abelian extension, things are especially nice be- 
cause ((L/K)/p) is defined for all primes p of Ox. To exploit this, let Jx be the set of 
all fractional ideals of Ox. As we saw in Proposition 5.7, any fractional ideal a € Ix 
has a prime factorization 


r 
a=], r,€Z, 
i=I[ 


and then we define the Artin symbol ((L/K)/«) to be the product 


a jaa \ Pi 
The Artin symbol thus defines a homomorphism, called the Artin map, 
L/K 
(4) : Ix —> Gal(L/K). 


Notice that when K C L is ramified, the Artin map is not defined on all of Ix. This is 
one reason why the general theorems of class field theory are complicated to state. 

The Artin Reciprocity Theorem for the Hilbert Class Field relates the Hilbert class 
field to the ideal class group C(Ox) as follows: 


Theorem 5.23. If L is the Hilbert class field of a number field K, then the Artin map 
L/K 
(4) : Ix — Gal(L/K) 


is surjective, and its kernel is exactly the subgroup Px of principal fractional ideals. 
Thus the Artin map induces an isomorphism 


C(Ox) —+Gal(L/K). Q.E.D. 


This theorem will follow from the results of §8. The appearance of the class group 
C(Ox) explains why L is called a “class field.” 

If we apply Galois theory to Theorems 5.18 and 5.23, we get the following clas- 
sification of unramified Abelian extensions of K (see Exercise 5.17): 


Corollary 5.24. Given a number field K, there is a one-to-one correspondence be- 
tween unramified Abelian extensions M of K and subgroups H of the ideal class 
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group C(Ox). Furthermore, if the extension K C M corresponds to the subgroup 
H © C(Ox), then the Artin map induces an isomorphism 


C(Ox)/H > Gal(M/K). QED. 


This corollary is class field theory for unramified Abelian extensions, and it il- 
lustrates one of the main themes of class field theory: a certain class of extensions 
of K (unramified Abelian extensions) are classified in terms of data intrinsic to K 
(subgroups of the ideal class group). The theorems we encounter in §8 will follow 
the same format. 

Theorem 5.23 also allows us to characterize the primes of K which split com- 
pletely in the Hilbert class field: 


Corollary 5.25. Let L be the Hilbert class field of a number field K, and let p be a 
prime ideal of K. Then 


p splits completely in L <=> p is a principal ideal. 


Proof. Corollary 5.21 implies that the prime p splits completely in L if and only if 
((L/K)/p) = 1. Since the Artin map induces an isomorphism C(Ox) ~ Gal(L/K), 
we see that ((L/K)/p) = 1 if and only if p determines the trivial class of C(Ox). By 
the definition of the ideal class group, this means that p is principal, and the corollary 
is proved. Q.E.D. 


In §8, we will see that the Hilbert class field is characterized by the property that 
the primes that split completely are exactly the principal prime ideals. 


D. Solution of p = x? +ny? for Infinitely Many n 
Now that we know about the Hilbert class field, we can prove Theorem 5.1: 


Proof of Theorem 5.1. The first step is to relate p = x” + ny” to the behavior of p in 
the Hilbert class field L. This result is sufficiently interesting to be a theorem in its 
own right: 


Theorem 5.26. Let L be the Hilbert class field of K = Q(./—n). Assume that n 
satisfies (5.2), so that Ox = Z|./—nl. If p is an odd prime not dividing n, then 


p=x+ny’ <=} p splits completely in L. 


Proof. Since n satisfies (5.2), (5.15) tells us that dx = —4n and Ox = Z[/—n]. Let 
p be an odd prime not dividing n. Then p{dx, so that p is unramified in K by 
Corollary 5.17. We will prove the following equivalences: 


pax +ny’ <> pOx = pp, p ¥P, and p is principal in Ox 
(5.27) <> pOx = pp, p # Pf, and p splits completely in L 
<=> p splits completely in L, 
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and Theorem 5.26 will follow. 

For the first equivalence, suppose that p = x? + ny? = (x + /—ny)(x — /—ny). 
Setting p = (x + /—ny) Ox, then pOx = pp must be the prime factorization of pOx 
in Ox. Note that p 4 p since p is unramified in K. Conversely, suppose that pOx = 
pp, where p is principal. Since Ox = Z[,/—n], we can write p = (x + /—ny)Ox. 
This implies that pOx = (x* + ny”)Ox, and it follows that p = x? +ny’. 

The second equivalence of (5.27) follows immediately from Corollary 5.25. To 
prove the final equivalence, we will use the following lemma: 


Lemma 5.28. Let L be the Hilbert class field of an imaginary quadratic field K, and 
let r denote complex conjugation. Then T(L) = L, and hence L is Galois over Q. 


Proof. It is easy to see that r(L) is an unramified Abelian extension of 7(K) = K. 
Since L is the maximal such extension, we have 7(L) Cc L, and then 7(L) = L since 
they have the same degree over K. Hence 7 € Gal(Z/Q), which implies that L is 
Galois over Q (see Exercise 5.19). Q.E.D. 


To finish the proof of (5.27), note that the condition 
pOx =pp, pf, and p splits completely in L 


says that p splits completely in K and that some prime of K containing p splits 
completely in L. Since L is Galois over Q, this is easily seen to be equivalent to p 
splitting completely in L (see Exercise 5.18), and Theorem 5.26 is proved. Q.E.D. 


The next step in the proof of Theorem 5.1 is to give a more elementary way of 
saying that p splits completely in L. We have the following criterion: 


Proposition 5.29. Let K be an imaginary quadratic field, and let L be a finite exten- 
sion of K which is Galois over Q. Then: 


(i) There is a real algebraic integer a such that L = K(a). 


(ii) Given a as in (i), let f(x) € Z[x] denote its monic minimal polynomial. If p is 
a prime not dividing the discriminant of f(x), then 


: ; (dx/p) =1 and f(x) =0 mod p 
PSpHES complete Ls? ve an integer solution. 
Proof. By hypothesis, L is Galois over Q, and thus [LMR : Q] = [L: K] since LAR 
is the fixed field of complex conjugation. This implies that fora € LOR, 


LOR=Q(a) — L=K(a) 


(see Exercise 5.19). Hence, if a € OL NR satisfies LAR = Q(a), then a is a real 
integral primitive element of L over K, and (i) is proved. Furthermore, given such an 
a, let f(x) be its monic minimal polynomial over Q. Then f(x) € Z[x], and since 
[LO R:Q] = [L:K], f(x) is also the minimal polynomial of a over K. 
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To prove the final part of (ii), let p be a prime not dividing the discriminant of 
f(x). This tells us that f(x) is separable modulo p. By Corollary 5.17 we have 


ath des d 
pOx=pp, pxP — (*) - 


We may assume that p splits completely in K, so that Z/pZ ~ Ox/p. Since f(x) 
is separable over Z/pZ, it is separable over Ox /p, and then Proposition 5.11 shows 
that 


p splits completely in L <=> f(x) =0 mod p is solvable in Ox 
<=> f(x) =0 mod pis solvable in Z, 


where the last equivalence again uses Z/pZ ~ Ox/p. The proposition now follows 
from the last equivalence of (5.27). Q.E.D. 


We can now prove the main equivalence of Theorem 5.1. Since the Hilbert class 
field L of K = Q(\/—n) is Galois over Q, Proposition 5.29 implies that there is a 
real algebraic integer a which is a primitive element of L over K. Let f,,(x) be the 
monic minimal polynomial of a, and let p be an odd prime dividing neither n nor the 
discriminant of f,(x). Then Theorem 5.26 and Proposition 5.29 imply that 


p=x+ny <= psplits completely in L 


(—n/p) = 1 and f,(x) =0 mod p 
has an integer solution. 


In the second equivalence, recall that n satisfies (5.2), so that d, = —4n, and hence 
(d/p) = (—n/p). 

It remains to show that the degree of f,(x) is the class number h(—4n). Using 
Galois theory and Theorem 5.23, it follows that f,(x) has degree 


[L : K] = |Gal(L/K)| = |C(Ox)]. 
In Theorem 5.30 below we will see that when dx < 0, there is a natural isomorphism 
C(Ox) ~ C(dx) 


between the ideal class group C(Ox) and the form class group C(dx) from §3. Since 
dx = —4n in our case, we have |C(Ox)| = |C(—4n)| = h(—4n), which completes the 
proof of Theorem 5.1. Q.E.D. 


The polynomial f,(x) of Theorem 5.1 is not unique—there are lots of primitive 
elements. However, we can at least predict its degree in advance by computing the 
class number h(—4n). In §8 we will see that knowing f,,(x) is equivalent to knowing 
the Hilbert class field. 

We have now answered our basic question of when p = x” + ny’, at least for those 
n Satisfying (5.2). Notice that quadratic forms have almost completely disappeared! 
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We used x” + ny’ in Theorem 5.26, but otherwise all of the action took place using 
ideals rather than forms. This is typical of what happens in modern algebraic number 
theory—ideals are the dominant language. At the same time, we don’t want to waste 
the work done on quadratic forms in §§2-3. So can we translate quadratic forms 
into ideals? In §7 we will study this question in detail. The full story is somewhat 
complicated, but the case of negative field discriminants is rather nice: here, the 
form class group C(dx) from §3 is isomorphic to the ideal class group C(Ox). More 
precisely, we get the following theorem, which is a special case of the results of §7: 


Theorem 5.30. Let K be an imaginary quadratic field of discriminant dx < 0. Then: 


(i) If f(x,y) = ax? + bxy + cy’ is a primitive positive definite quadratic form of 
discriminant dx, then 


[a,(—b + V/dx)/2] = {ma+n(—b + V/dx)/2: m,n € Z} 
is an ideal of Ox. 


(ii) The map sending f(x,y) to [a,(—b + dx) /2] induces an isomorphism be- 
tween the form class group C(dx) of §3 and the ideal class group C(Ox). 
Hence the order of C(Ox) is the class number h(dx). Q.E.D. 


If we combine Theorems 5.30 and 5.23, we see that the Galois group Gal(L/K) of 
the Hilbert class field of an imaginary quadratic field K is canonically isomorphic to 
the form class group C(dx). Thus the “class” in “Hilbert class field” refers to Gauss’ 
classes of properly equivalent quadratic forms. 

This theorem allows us to compute ideal class groups using what we know about 
quadratic forms. For example, consider the quadratic field K = Q(./—14) of discrim- 
inant —56. In §2 we saw that the reduced forms of discriminant —56 are x7+14y’, 
2x* + 7y? and 3x? + 2xy + 5y. The form class group C(—56) is thus cyclic of or- 
der 4 since only x? + 14y* and 2x? + 7y’ give classes of order < 2. Then, using 
Theorem 5.30, we see that the ideal class group C(Ox) is isomorphic to Z/4Z, 
and furthermore, ideal class representatives are given by [1, /—14] = Ox, [2, /—14] 
and [3,1++/—14]. See Exercises 5.20-5.22 for some other applications of Theo- 
rem 5.30. 

The final task of §5 is to work out an explicit example of Theorem 5.1. We will 
discuss the case p = x + 14y’, which was left unresolved at the end of §3. Of course, 
we know from Theorem 5.1 that there is some polynomial f14(x) such that 


(—14/p) = 1 and fi4(x) = 0 mod p 


3 2 
pax tidy) <= i an integer solution, 


but so far all we know about f,4(x) is that it has degree 4 since h(—56) = 4. This 
illustrates one weakness of Theorem 5.1: it tells us that f,4(x) exists, but doesn’t tell 
us how to find it. To determine fi4(x) we need to know the Hilbert class field of 
Q(/—14). The answer is as follows: 


Proposition 5.31. The Hilbert class field of K = Q(/—14) is L = K(a), where 
a= V2V2-1. 
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Proof. Since h(—56) = 4, the Hilbert class field has degree 4 over K. Then L = K(a) 
will be the Hilbert class field once we show that K C L is an unramified Abelian 
extension of degree 4. It’s easy to see that K C L is Abelian of degree 4, so that we 
need only show that it is unramified. Furthermore, since K is imaginary quadratic, 
the infinite primes are automatically unramified. 
Note that a? = 2/2 — 1, so that V2 € L. If we let K, = K(V2), then we have the 
extensions : 
KCK, cL, 


and it suffices to show that K C K; and K, C L are unramified (see Exercise 5.15). 
Since each of these extensions is obtained by adjoining a square root (K; = K(V2) 
and L = K,(,/z), w= 2,/2 — 1), let’s first prove a general lemma about this situation: 


Lemma 5.32. Let L = K(./u) be a quadratic extension with u € Ox, and let p be 
prime in Ox. 


(i) If 2u ¢ p, then p is unramified in L. 
(ii) f2 Ep, u¢ p andu=b* —4c for some b,c € Ox, then p is unramified in L. 


Proof. (i) Since the discriminant of x? —u is 4u¢ p, x* —u is separable modulo p. 
Thus p is unramified by Proposition 5.11. 

(ii) Note that L = K(), where 8 = (—b+ \/u)/2 is a root of x? + bx+c. The dis- 
criminant is b* — 4c = u ¢ p, so again p is unramified by Proposition 5.11. Q.E.D. 


Now we can prove Proposition 5.31. To study K C K,, let p be prime in Ox. Since 
K, = K(vV2), part (i) of Lemma 5.32 implies that p is unramified whenever 2 ¢ p. 
It remains to study the case 2 € p. Since /—14 € K and V2 € Ki, we also have 
V—TE Ki, ie., Kj = K(/—7). Since —7 ¢ p and —7 = 17 — 4-2, p is unramified 
by part (ii) of Lemma 5.372. 

The extension K; C Lis almost as easy. We know that L = K;(,/jt), w= 2/2~1. 


Let py! = —2\/2 — 1. Since Vp’ = V—7 € K, it follows that /y’ € L, and in fact 


L=Ki(Vm) = Kil). 


Now let p be prime in Ky. If 2 ¢ p, then w+ pu’ = —2 shows that p ¢ p or p’ ¢ p, and 
p is unramified by part (i) of Lemma 5.32. If 2 € p, then uw ¢ p since up = 272-1. 
We also have p= (1 + V2)? —4, and then part (ii) of Lemma 5.32 shows that p is 
unramified. Q.E.D. 


We can now characterize when a prime p is represented by x? + 14y?: 
Theorem 5.33. If p 47 is an odd prime, then 
(—14/p) = 1 and (x? + 1)* =8 mod p 


pH=xrt+l4y <> 
has an integer solution. 


Proof. Since a = \/2\/2 — 1 is a real integral primitive element of the Hilbert class 
field of K = Q(./—14), its minimal polynomial x* + 2x7 —7 = (x? + 1)? — 8 can be 
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chosen to be the polynomial f\4(x) of Theorem 5.1. Its discriminant is —2!*-7 (see 
Exercise 5.24), so that the only excluded primes are 2 and 7. Then Theorem 5.33 
follows immediately from Theorem 5.1. Q.E.D. 


These methods can be used to compute the Hilbert class field in other cases (see 
Herz [56]). For example, in Exercise 5.25, we will see that the Hilbert class field of 


K = Q(V-17) is L = K(a), where a = 4/(1+ V17)/2. This gives us an explicit 
criterion for a prime to be of the form x? + 17y? (see Exercise 5.26). 

One unsatisfactory aspect of these examples is that they don’t explain how the 
primitive element a of the Hilbert class field was found. In general, the Hilbert class 
field is difficult to describe explicitly, though this can be done for class numbers 
< 4 (see Herz [56]). In §6 we will use genus theory to discover the above primitive 
elements when K = Q(./—14) or Q(./—17), and in Chapter Three we will use com- 
plex multiplication to give a general method for finding the Hilbert class field of any 
imaginary quadratic field. 


E. Exercises 


5.1. Let Ox be the algebraic integers in a number field K. 


(a) Show that a nonzero ideal a of Ox contains a nonzero integer m. Hint: if 
a # Ois ina, let x*+a)x"~! +---+ 4, be its minimal polynomial. Show 
that m = a, is what we want. 


(b) Show that Ox /a is finite whenever a is a nonzero ideal of Ox. Hint: if m 
is the integer from (a), consider the surjection Ox /mOx + Ox/a. Use 
part (ii) of Proposition 5.3 to compute the order of Ox /mOx. 


(c) Use (b) to show that every nonzero ideal of Ox is a free Z-module of 


rank [K : Q]. 

(d) If we have ideals a; C a2 C ---, show that there is an integer n such that 
Gn = Gn41 =---. Hint: consider the surjections Ox/a; > Ox/a. 7 -:-, 
and use (b). 


(e) Use (b) to show that a nonzero prime ideal of Ox is maximal. 


5.2. We will study the elementary properties of fractional ideals in a number field 
K. Recall that a C K is a fractional ideal if, under ordinary addition and multi- 
plication, it is a finitely generated Ox-module. 


(a) Show that a is a fractional ideal if and only if a = ab, where a € K and 
b is an ideal of Ox. Hint: write each generator of a in the form a/8, 
a, B € Ox. Going the other way, use part (c) of Exercise 5.1 to show that 
ab is a finitely generated Ox-module. 


(b) Show that a nonzero fractional ideal is a free Z-module of rank [K : Q]. 
Hint: use (a) and part (c) of Exercise 5.1. 
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(c) Show that the product of two fractional ideals is a fractional ideal. 


5.3. Let K C L be a Galois extension, and let p C $$ be prime ideals of K and L 


respectively. 


(a) If o € Gal(L/K), then prove that e,(93)}p = eq3|p and fo(3)|p = Spip- 
(b) Prove part (ii) of Theorem 5.9. 


5.4, Let K C L be a Galois extension, and let $8 be prime in L. Then we have the 


decomposition group Dy = {o € Gal(L/K) : 0 ($8) = J} and the inertia group 
In = {0 € Gal(L/K) : o(a) =a mod ¥ for all a € Oy}. 
(a) Show that ky C Dy. 


(b) Show that o € Dy induces an automorphism 6 of O,/58 which is the 
identity on Ox/p, p= BNOx. 


(c) Let o € Dy. Then show that o € hy if and only if the automorphism o 
from (b) is the identity. 


5.5. In Proposition 5.11, prove that parts (i) and (iii) are consequences of part (ii). 


5.6. In this exercise, we will prove part (ii) of Proposition 5.11. Let $8 be a prime 


of O; containing p, and let Dy = {o € Gal(L/K) : o (SB) = PB} be the decom- 
position group. In Proposition 5.10 we observed that the order of Ds is ef, 
where e = egy), and f = fajp. 


(a) Since f(x) = fi(x)--- f,(x) mod p, show that f;(a) € 9B for some i. We 
can assume that f\(a) € $B. 

(b) Using f = [O_/ : Ox/p], prove that f > deg(fi(x)). 

(c) Since f\(o(a)) € 9 for all o € Dy, show that deg(fi(x)) > |Dp| = ef. 
Hint: this is where separability is used. 

(d) From (b) and (c) conclude that e = 1 and f = deg(fi(x)). Thus p is 
unramified in L. 

(e) Show that pO; = $B) ---B, where P; is prime in O, and fi(a) € P;j. 
This shows that all of the f;(x)’s have the same degree. 

(f) Show that 8; is generated by p and f;(a). Hint: let J; = pO, + fi{a)Ox. 
Use J; C 5B; and J; --- 7, C pO; to show that J; = B;. 


5.7. In this problem we will determine the integers in the quadratic field K = 


Q(VN), where N is a squarefree integer. Let a +> a’ denote the nontrivial 
automorphism of K. 


(a) Givena =r+sv/N € K, define the trace and norm of a to be 


T(a) =a+a’=2r 
N(a) = aad’ =r —s?N. 


5.8. 
5.9, 


5.10. 


5.11. 
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Then prove that for a, G € K, 


T(a+8) =T(a)+T(8) 
M(B) = N(a)N(8). 


(b) Given a € K, prove that a € Ox if and only if T(a), N(a@) € Z. 
(c) Use (b) to prove the description of Ox given in (5.13). 
(d) Prove the description of Ox given in (5.13). 


Use (5.12) and (5.13) to prove (5.15). 


In this exercise we will study the units in an imaginary quadratic field K. Let 
N(q) be the norm of a € K from Exercise 5.7. 


(a) Prove that a € Ox is a unit if and only if N(@) = 1. 

(b) Show that Of = {+1} unless K = Q(i) or Q(w), in which case OF = 
{+1,+i} or {+1,+w,-+w*} respectively. Hint: use (a) and (5.13). Ex- 
ercises 4.5 and 4.16 will also be useful. 


Let K be a quadratic field of discriminant dx, and let the nontrivial automor- 
phism of K be (a+ b\/dx)! = a—b,/dx. We want to complete the description 
of the prime ideals p of Ox begun in Proposition 5.16. Our basic tools will be 
Proposition 5.11 and the formula efg = 2 from Theorem 5.9. 


(a) If 2 | dx, then show that 20x = p”, p =p’ prime. Hint: write dx = 4N 
and set 
= { 20x+(1+VN)Ox  Nodd 
= 20x + VNOx N even. 


(b) If 2{ dx, then show that 


dy = 1mod8 = > 20x = pp’, p#p’ prime 
dx =Smod8 <> 20x is prime in Ox. 


Hint: apply Proposition 5.11 to K = Q(a), a = (1+ Vdx)/2. 


(c) Show that the ideals described in parts (i)-(iii) of Proposition 5.16 give 
all prime ideals of Ox. Hint: use norms to prove that any prime ideal p 
contains a nonzero integer m. Thus p | mOx, and we are done by unique 
factorization. 


Notice how these results generalize the descriptions given in Propositions 4.7 
and 4.18 of the primes in Z[w] and Z[i]. 


This problem will study the norm of a prime p in a number field K. Recall that 
the norm N(p) is defined by N(p) = |Ox/p|. Let p be the unique prime of Z 
contained in p. 
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(a) Show that N(p) = p’, where f is the inertial degree of p over p. 


(b) Now assume that p is prime in a quadratic field K. Show that 
p\dx: N(p)=p 
Pp p Splits completely in K 
ptdx: N(p) = . 
P 


pOk is prime in Ox. 
Hint: use efg = 2. 
5.12. This exercise is concerned with the Artin symbol ((L/K)/9B). 


(a) Prove part (1) of Corollary 5.21. 


(b) Let K C L be a Galois extension and let p be a prime of K unramified in 
L. Prove that the set {((L/K)/38) : QB is a prime of L containing p} is a 
conjugacy class of Gal(L/K). This conjugacy class is defined to be the 
Artin symbol ((L/K)/p) of p. 


5.13. Assume that the number field K contains a primitive nth root of unity ¢. In this 
problem we will discuss a generalization of the Legendre symbol. Let a € Ox 
and let p be a prime ideal of Ox such that na ¢ p. 


(a) Prove that 1,¢,...,¢”~! are distinct modulo p. Hint: show that x” — 1 is 
separable modulo p. 
(b) Use (a) to prove that n | N(p) — 1. 


(c) Show that a¥(P)-)/" congruent to a unique nth root of unity modulo p. 
This allows us to define the nth power Legendre symbol (a/p), to be the 
unique nth root of unity such that 


alN(P)—V/n = (2) mod p. 


(d) Prove that (a/p), = 1 if and only if a is an nth power residue modulo p. 


5.14. Let K,n,a and p be as in the previous exercise, and let L = K(¥/a). Note that 
L is an Abelian extension of K. In this problem we will relate the Legendre 
symbol (a/p),, to the Artin symbol ((L/K)/p). 


(a) Show that p is unramified in L. Hint: show that x’ — a is separable mod- 
ulo p and use Proposition 5.11. 


(b) Generalize the argument of (5.22) to show that 


(4) oa-() 


p p 


5.15. Suppose that K C M C L are number fields. 


5.16. 


5.17. 


5.18. 


5.19. 


5.20. 


5.21. 
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(a) Let p be prime in Ox, and assume that p C B C ’, where P (resp. P’) 
is prime in Oy (resp. O,). Then show that egg), = esp pempp- 


(b) Prove that a prime p of Ox is unramified in L if and only if p is unramified 
in M and every prime of Oy lying over p is unramified in L. 


(c) Prove that L is an unramified extension of K if and only if L is unramified 
over M and M is unramified over K. 


Let K C L be an unramified Abelian extension, and assume that K CM CL, 
By the previous exercise, K C M is unramified, and it is clearly Abelian. We 
thus have Artin maps 


(4) :Ix —> Gal(L/K) 
(4) : Ix —> Gal(M/K) 


and we also have the restriction map r : Gal(L/K) — Gal(M/K). Then use 
Lemma 5.19 to prove that 


(tt) =n ( tt), 


Prove Corollary 5.24. Hint: besides Galois theory and Theorems 5.18 and 
5.23, you will also need Exercises 5.15 and 5.16. 


If K CM CL, where L and M are Galois over K, then prove that a prime p 
of Ox splits completely in L if and only if it splits completely in M and some 
prime of Oy containing p splits completely in L. 


Let K be an imaginary quadratic field, and let K Cc L be a Galois extension. As 
usual, 7 will denote complex conjugation. 
(a) Show that L is Galois over Q if and only if 7(L) = L. 
(b) If Lis Galois over Q, then prove that 
(i) [LAR : Q] = [L: K]. 
(ii) Fora € LAR, LNR=Q(a) <=> L=K(a). 
Show that Z[(1 + /—19)/2] is a UFD. Hint: every PID is a UFD (see Ireland 


and Rosen [59, §1.3] or Marcus [77, pp. 255—256]). Thus, by Theorem 5.30, 
it suffices to show that h(—19) = 1. 


In this exercise we will study the ring Z[./—2]. 


(a) Use Theorem 5.30 to show that Z|./—2] is a UFD. 
(b) Show that \/—2 is a prime in Z[/—2]. 
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(c) If ab = w in Z[\/—2] and a and b are relatively prime, then prove that a 
and b are cubes in Z[/—2]. 


5.22. We can now give a second proof of Fermat’s theorem that (x,y) = (3, +5) are 
the only integer solutions of the equation x° = y? + 2. 


(a) If x* = y? +2, show that y+ /—2 and y — \/—2 are relatively prime in 
Z|V—2]. Hint: use part (b) of Exercise 5.21. 
(b) Use part (c) of Exercise 5.21 to show that (x,y) = (3,5). 


This argument is due to Euler [33, Vol. I, Chapter XII, §§ 191-193], though he 
assumed (without proof) that Exercise 5.21 was true. 


5.23. If D = 1 mod 4 is negative and squarefree, prove a version of Theorems 5.1 
and 5.26 for primes of the form x? + xy + ((1 —D)/4)y?. 


5.24. Prove that the discriminant of x* + bx? + c equals 24c(b? — 4c)?. Hint: write 
down the roots explicitly. 


5.25, Let K = Q(V—17). 
(a) Show that C(Ox) ~ Z/4Z. 
(b) Show that the Hilbert class field of K is given by L = K(a), where a = 
\/ (1+ V17)/2. Hint: use the methods of Proposition 5.31. The only 


tricky part concerns primes of K(V17) which contain 2. Setting u = 
(1+ V717)/2 and uw’ = (1 — V17)/2, note that u and uw’ satisfy x = x? — 4. 


5.26. Prove an analog of Theorem 5.33 for primes of the form x” + 17y?. 
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In Chapter One we studied the genus theory of primitive positive definite quadratic 
forms, and our main result (Theorem 3.15) was that for a fixed discriminant D: 


(i) There are 2“—' genera, where yz is the number defined in Proposition 3.11. 
(ii) The principal genus consists of squares of classes. 


In this section, we will use Artin reciprocity for the Hilbert class field of an imaginary 
quadratic field K to prove (i) and (ii) when D is the discriminant dx of K. This result 
is less general than what we proved in §3, but the proof is such a nice application of 
the Hilbert class field that we couldn’t resist including it. Readers more interested in 
p =x? + ny’ may skip to §7 without loss of continuity. 

The key to the class field theory interpretation of genus theory is the concept of the 
genus field. Given an imaginary quadratic field K of discriminant dx, Theorem 5.30 
tells us that the form class group C(dx) is isomorphic to the ideal class group C(Ox). 
The principal genus is a subgroup of C(dx) and hence maps to a subgroup of C(Ox). 
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By Corollary 5.24, this subgroup determines an unramified Abelian extension of K 
which is called the genus field of K. Theorem 6.1 below will describe the genus field 
explicitly and show that the characters used in Gauss’ definition of genus appear in 
the Artin map of the genus field. This will take a fair amount of work, but once done, 
(i) and (ii) above will follow easily by Artin reciprocity. We will then discuss how 
the genus field can help in the harder problem of determining the Hilbert class field. 


A. Genus Theory for Field Discriminants 
Here is the main result of this section: 


Theorem 6.1. Let K be an imaginary quadratic field of discriminant dx. Let 1 be the 
number of primes dividing dx, and let p,..., Pp, be the odd primes dividing dx (so 
that 1. =r or r+ according to whether dx =0 or 1 mod 4). Set p* = (—1)-))/? p,. 
Then: 


(i) The genus field of K is thé maximal unramified extension of K which is an 
Abelian extension of Q. 


(ii) The genus field of K is K(,/pj,.--,./p¥). 


(ili) The number of genera of primitive positive definite forms of discriminant dx is 
Dee, 


(iv) The principal genus of primitive positive definite forms of discriminant dx 
consists of squares of classes. 


Proof. First, note that for field discriminants dx, the number y defined in the state- 
ment of the theorem agrees with the one defined in Proposition 3.11 (see Exer- 
cise 6.1). Note also that (iii) and (iv) of the theorem are the facts about genus theory 
that we want to prove. 

To start the proof, let ZL be the Hilbert class field of K, and let M be the unram- 
ified Abelian extension of K corresponding to the subgroup C(Ox)* C C(Ox) via 
Corollary 5.24. We claim that 


(6.2) M is the maximal unramified extension of K Abelian over Q. 


To prove this, consider an unramified extension M of K which is Abelian over Q. 
Then M is also Abelian over K, so that M C L, and we thus have the following 
diagram of fields: 


(6.3) Abelian 


L 
| 
M 
| 
K 
| 
Q 
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We want the maximal such M. Since L is Galois over Q (see Lemma 5.28), we can 
interpret (6.3) via Galois theory. Let G = Gal(L/Q). Then M being Abelian over Q 
is equivalent to [G,G] C Gal(L/M), where [G, G] is the commutator subgroup of G 
(see Exercise 6.2). Note also that [G,G] C Gal(L/K) since the latter has index two 
in G.Thus M satisfies (6.3) if and only if 


[G,G] C Gal(L/M) C Gal(L/K). 


It follows by Galois theory that the maximal unramified extension of K Abelian 
over Q is the one that corresponds to [G,G]. By Theorem 5.23, Gal(L/K) can be 
identified with C(Ox) via the Artin map. If we can show that [G,G] C Gal(L/K) 
maps to C(Ox)* C C(Ox), then (6.2) will follow. 

We first compute G = Gal(L/Q). We have a short exact sequence 


1 —+ Gal(L/K) —> G —+ Gal(K/Q) — 1 


which splits because complex conjugation 7 is in G by Lemma 5.28. Thus G is the 
semidirect product Gal(L/K) x (Z/2Z), where Z/2Z acts by conjugation by r. 

Under the isomorphism Gal(L/K) ~ C(Ox), conjugation by 7 operates on C(Ox) 
by sending an ideal to its conjugate. To see this, let p be a prime ideal of Ox. Then 
the uniqueness part of Lemma 5.19 shows that 


(8) 


(see Exercise 6.3), and our claim follows. However, for any ideal a of Ox, we will 
prove in Lemma 7.14 that the product ad is always a principal ideal, and it follows 
that the class of @ is the inverse of the class of a in C(Ox) Hence G may be identified 
with the semidirect product C(Ox) x (Z/2Z), where the nontrivial element of Z/2Z 
acts by sending an element of C(Ox) to its inverse. 

It is now easy to show that [G,G] = C(Ox)*. First, note that C(Ox)* is normal 
in G (any subgroup of C(Ox) is, which has unexpected consequences—see Exer- 
cise 6.4), and since Z/2Z acts trivially on C(Ox)/C(Ox)? (every element is its own 
inverse), we have 


(6.5) G/C(Ox)’ & (C(Ox) » (Z/2Z)) /C(Ox)? 
~ (C(Ox)/C(Ox)’) x (Z/2Z), 


so that G/C(Ox)? is Abelian (see Exercise 6.5). It follows that [G,G] C C(Ox)*. To 
prove the opposite inclusion, note that if a € C(Ox), then (a, 1) € C(Ox) » (Z/2Z), 
and hence 

(a,1)(1,7)(a,1)-"(1,7)"! = (a, 1), 


where 7 is the nontrivial element of Z/2Z. This proves that [G,G] = C(Ox)’, and 
(6.2) is proved. 
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We will next show that 


(6.6) M = K(\/p%,..-, pr); 


where p?’s are as in the statement of the theorem. We begin with two preliminary 
lemmas. The first concerns some general facts about ramification and the Artin sym- 
bol: 


Lemma 6.7. Let L and M be Abelian extensions of a number field K, and let p be 
prime in Ox. 


(i) p is unramified in LM if and only if it is unramified in both L and M. 


(ii) If p is unramified in LM, then under the natural injection 
Gal(LM/K) —> Gal(L/K) x Gal(M/K), 
the Artin symbol ((LM/K)/p) maps to (((L/K)/p), ((M/K)/p)). 


Proof. See Exercise 6.6, or, for a more general version of these facts, Marcus [77, 
Exercises 10-11, pp. 117-118]. Q.E.D. 


The second lemma tells us when a quadratic extension K C K(./a), a € Z, is 
unramified: 


Lemma 6.8. Let K be an imaginary quadratic field of discriminant dx, and let 
K(,/a) be a quadratic extension where a € Z. Then K C K(,/a) is unramified if 
and only if a can be chosen so that a | dx and a= | mod 4. 


Proof. For the most part, the proof is a straightforward application of the techniques 
used in the proof of Proposition 5.31. See Exercises 6.7, 6.8 and 6.9 for the details. 
Q.E.D. 


We can now prove (6.6). Let M* = K(,/pj,...,./pz). Since p} divides dx and 
satisfies p* = 1mod4,K CK (/pF ) is unramified by Lemma 6.8, and consequently 
K C M* is unramified by Lemma 6.7. But M* = Q(Vdk, \/p7,.--, /D¥) is clearly 
Abelian over Q, so that M* C M by the sect of M. 

To prove the opposite inclusion, we first study Gal(M/Q). Since QC MCL 
corresponds to G > Cz > {1} under the Galois correspondence, we have 


Gal(M/Q) ~ Gal(L/Q)/Gal(L/M) = G/C(Ox)’, 


so that by (6.5), Gal(M/Q) ~ (Z/2Z)" for some m. Then Galois theory shows that 
M = Q(/ai,.--,./@m) where a1,...,dm € Z (see Exercise 6.10). Thus M is the 
compositum of quadratic extensions K C K(,/a;), a; € Z, and by Lemma 6.7, each 
of these is unramified. 

It suffices to show that M* contains all unramified extensions K C K(./a),a € Z. 
By Lemma 6.8, we may assume that a = 1 mod 4 and that a | dx. It follows that a 
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must be of the form pj --- pj, 1 <i) <--+ <i, <r, so that K (/a) is clearly contained 
in M*. This completes the proof of (6.6). 
We will next show that [M : Q] = 24. Note that M = Q( ee aD si<syalpn 


When dx = 1 mod 4, we have dx = pj --- p*, so that [M : Q] = 2’ = 2# since wp =r 

in this case. When dx = 0 mod 4, we can write dx = —4n,n > i and then we have 
(CAVA array sre) n=1mod4 

(6.9) M= ae VBE) n=6 mod 8 


Q(V—2, \/ pi... PF) n=2 mod 8 


(see Exercise 6.11). Thus [M : Q] = 2’t! = 24, Since [C(Ox) : C(Ox)?] equals half 
of [G : C(Ox)?] = [M : Q] = 2+, we have proved that 


(6.10) [C(Ox) :C(Ox)?] = 247!. 


We can now compute the Artin map ((M/K)/-) : Ix > Gal(M/K). If we set 
K; = K(,/p*), then M is the compositum Kj --- K,, and we have a natural injection 


(6.11) Gal(M/K) —> Il Gal(K;/K). 


i=! 


Furthermore, we may identify Gal(K;/K) with {+1}, so that composing the Artin 
map with (6.11) gives us a homomorphism 


Ox : In —> {41}’. 


We claim that if a is an ideal of Ox prime to 2dx, then x(a) can be computed in 
terms of Legendre symbols as follows: 
&) 
Pr 


(6.12) x(a) = (2)... 
Pi 
where N(a) = |Ox/al is the norm of a. 

To prove (6.12), we will need one basic fact about norms: if a and 6 are ideals 
of Ox, then N(ab) = N(a)N(6) (see Lemma 7.14 or Marcus [77, Theorem 22]). It 
follows that both sides of (6.12) are multiplicative in a, so that we may assume that a 
is a prime ideal p of Ox. Then Lemma 6.7, applied to (6.11), shows that ((M/K)/p) 


maps to the r-tuple 
(A) ASS) 
- a . 
If we can show that 


(6.13) (#25) (VP?) = (me) Vv PF, 


p Di 


then (6.12) will follow immediately. 


A. GENUS THEORY FOR FIELD DISCRIMINANTS 113 


To prove (6.13), let $8 be a prime of Ox, containing p, and set o = ((K;/K)/p). 
By Lemma 5.19 we see that 


(6.14) o(/pF) = prt = (pt) @)-9/2,/pF mod P. 


Since K is a quadratic field, it follows that N(p) = p or p* (see Exercise 5.11), and 
thus here are two cases to consider. 
If N(p) = p, then we know that 


(pre? = (2) mod p. 


Since p € ¥ and (p*/p) = (p/p;) by quadratic reciprocity, (6.14) reduces to 


o(/pr) = (2) VP = (“e ) VF moa ®, 


Pi 


and we are done. If N(p) = p”, then by Fermat’s Little Theorem, 


* _ * -1 
Gee = ((; aed = 1 mod p, 


so that (6.14) becomes 


o( Vor) = Vai = (“2) oF moa, 


and (6.13) is proved. This proves (6.12). 

For the rest of the proof, we will assume that dx = —4n,n > 0 (see Exercise 6.12 
for the case dx = 1 mod 4). Here, it is easily checked that the map (6.11) is an 
isomorphism, and then Artin reciprocity (Corollary 5.24) for K C M means that the 
map ®x : Ix — {+1}’ of (6.12) induces an isomorphism 


C(Ox)/C(Ox)’ “> {#1}, 


where the A stands for Artin. 

It’s now time to bring in quadratic forms. Let C(dx) be the class group of primitive 
positive definite forms of discriminant dx = —4n, and let P be the principal genus. 
Recall from the proof of Theorem 3.15 that we have the j, = r+ 1 assigned characters 
X0,X1--+>Xr, where xo is one of 6, € or de, and x;(a) = (a/p;) fori=1,...,r. In 
Lemma 3.20, we proved that if f(x,y) represents a number a prime to 4n, then the 
genus of f(x,y) is determined by the (r + 1)-tuple (xo(a@), x1 (a),..-,x,(a)). Thus 
we have an injective map 


C(dx)/P — {£1}, 


where the G stands for Gauss. 
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To relate the two maps A and G, we will use the isomorphism C(dx) ~ C(Ox) of 
Theorem 5.30. Since C(dx)* € P, we get the following diagram: 


C(de)/Cldx)? —"—> Cla) /P 3 fy"! 


(6.15) | | 


C(Ox)/C(Ox)? ——-____ {41} 


where « : C(dx)/C(dx)? —> C(dx)/P is the natural surjection and z is the projection 
onto the last r factors. 

We claim that this diagram commutes, which means that Gauss’ definition of 
genus is amazingly close to the Artin map of the genus field. (The full story of the 
relation is worked out in Exercise 6.13.) 

To prove that (6.15) commutes, let f(x,y) = ax? + 2bxy + cy’ be a form of dis- 
criminant —4n. We can assume that a is relatively prime to 4n. Then, in (6.15), if we 
first go across and then down, we see that the class of f(x,y) maps to 


(6.16) (1(a),..-, x(a) = ((4).--.(4)). 


Let’s see what happens when we go the other way. By Theorem 5.30, f(x,y) corre- 
sponds to the ideal a = [a,b + /—n] of Ox. However, it is easy to see that the natural 
map 


(6.17) Z/aZ — Ox/a 


is an isomorphism (see Exercise 6.14). Thus a has norm M(a) = a, and our descrip- 
tion of the Artin map from (6.12) shows that f(x,y) maps to 


wm (C22) 


Comparing (6.16) and (6.18), we see that (6.15) commutes as claimed. 

Now everything is easy to prove. If we go down and across in (6.15), the resulting 
map is injective. By commutivity, it follows that a : C(dx)/C(dx)? + C(dx)/P must 
be injective, which proves that C(dx)? = P, and part (iv) of the theorem is done. The 
number of genera is thus [C(dx) : P] = [C(dx) : C(dx)*] = [C(Ox) : C(Ox)?] = 247! 
(the last equality is (6.10)), and (iii) follows. Finally, since P = C(dx)* corresponds 
to C(Ox)’, we see that M is the genus field of K, and then (i) and (ii) follow from 
(6.2) and (6.6). Theorem 6.1 is proved. Q.E.D. 


B. Applications to the Hilbert Class Field 


Theorem 6.1 makes it easy to compute the genus field. So let’s see if the genus 
field can help us find the Hilbert class field, which in general is more difficult to 
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compute. The nicest case is when the genus field equals the Hilbert class field, 
which happens for field discriminants where every genus consists of a single class 
(see Exercise 6.15). In particular, if dx = —4n, then this means that n is one of Euler’s 
convenient numbers (see Proposition 3.24). Of the 65 convenient numbers on Gauss’ 
list in §3, 35 satisfy the additional condition that dx = —4n (see Exercise 6.15), so 
that we can determine lots of Hilbert class fields. For example, when K = Q(/—5), 
Theorem 6.1 tells us that the Hilbert class field is K(/5) = K(i). Other examples are 
just as easy to work out (see Exercise 6.16). 

The more typical situation is when the Hilbert class field is strictly bigger than 
the genus field. It turns out that the genus field can still provide us with useful 
information about the Hilbert class field. Let’s consider the case K = Q(V—14). 
Here, the genus field is M = K(/—7) = K(V2) by Theorem 6.1. Since the class 
number is 4, we know that the Hilbert class field is a quadratic extension of M, so 
that L = M(,/u) for some u € M. This is already useful information, but we can do 
better. In Theorem 5.1, we saw the importance of a real primitive element of the 
Hilbert class field. So let’s intersect everything with the real numbers. This gives 
us the quadratic extension MMR C LMR. Since M = K(V2) = Q(V—14, v2), it 
follows that MOR = Q(V2). Thus we can write LDR = Q(V2, V/u), where u > 0 
is in Q(/2), and from this it is easy to prove that 


L=K(Vu), u=at+bvV2>0, abeZ 


(see Exercise 6.17). Hence genus theory explains the form of the primitive ele- 


ment a = 22-1 of Proposition 5.31. In Exercise 6.18, we will continue this 
discussion and show how one can take u = a+b,2 and discover the precise form 
u = 2/2 — 1 of the primitive element of the Hilbert class field. 

It’s interesting to compare this discussion of x* + 14y? to what we did in §3. 
The genus theory developed in §3 told us when p was represented by x* + 14y’ or 
2x* + 7y*, but this partial information didn’t help in deciding when p = x* + 14y?. In 
contrast, the genus theory of Theorem 6.1 determines the genus field, which helps us 
understand the Hilbert class field. The field-theoretic approach seems to have more 
useful information. 

This ends our discussion of genus theory, but it by no means exhausts the topic. 
For more complete treatments of genus theory from the point of view of class field 
theory, see Hasse [51], Janusz [62, §VI.3] and Cohn’s two books [19, Chapters 14 
and 18] and (21, Chapter 8]. Genus theory can also be studied by standard methods 
of algebraic number theory, with no reference to class field theory. Both Cohn [20, 
Chapter XIII] and Hasse [50, §§26.8 and 29.3] use the Hilbert symbol in their dis- 
cussion of genera. For a more elementary approach, see Zagier [111]. Genus theory 
can also be generalized in several ways. It is possible to define the genus field of an 
arbitrary number field (see Ishida [60]); and in another direction, one can formulate 
genus theory from the point of view of algebraic groups and Tamagawa numbers 
(Ono [82] has a nice introduction to this subject). For a survey of all these aspects of 
genus theory, see Frei [39]. 
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C. Exercises 


6.1. 


6.2. 


6.3. 


6.4. 


6.5. 


6.6. 


6.7. 


Let dx be the discriminant of a quadratic field. When considering forms of 
discriminant dx, show that the number yu from Proposition 3.11 is just the 
number of primes dividing dx. 


Suppose that we have fields K C MC L, where L is Galois over K with 
group G = Gal(L/K). Prove that M is Abelian over K if and only if [G,G] c 
Gal(L/M). 


Prove statement (6.4). 


If K is an imaginary quadratic field and M is an unramified Abelian exten- 
sion of K, then prove that M is Galois over Q. Hint: use the description of 
Gal(L/Q), where L is the Hilbert class field of K. 


Prove statement (6.5). 
In this problem we will prove Lemma 6.7. Let p be a prime of Ox . 
(a) If p is unramified in LM, then use Exercise 5.15 to show that it’s unram- 


ified in both L and M. 


(b) Prove the converse of (a). Hint: assume not. Then use the facts about 
the decomposition group from Proposition 5.10 to find o € Gal(LM/K) 
with o # 1 such that o(a@) = a mod F for all a € Oxy (and $ is a prime 
of Oy» containing p). Argue that the restrictions o|, and o|,, are the 
identity. Note that (a) and (b) prove part (i) of Lemma 6.7. 


(c 
(d 


wa 


Use Exercise 5.16 to prove part (ii) of Lemma 6.7. 


ar) 


With the same hypothesis as Lemma 6.7, show that p splits completely 
in LM if and only if it splits completely in both L and M. In Exercise 8.14 
we will see that this result can be proved without assuming that L and M 
are Galois over K. 


Let K = Q(i, V2m), where m € Z is odd and squarefree. 


(a) Leta =(1+i)V2m/2. Show that a” = im, and conclude that a € Ox. (It 
turns out that 1, i, /2m and a form an integral basis of Ox—see Marcus 
(77, Exercise 42 of Chapter 2].) 


(b) Let $B be the ideal of Ox generated by 1+iand 1+ a. Show that 20x = 
$84, and conclude that 8 is prime. Hint: compute }. 


6.8. Let K be an imaginary quadratic field. We want to show that if K C K(i) is 


unramified, then dx = 12 mod 16. 
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(a) Show that K C K(i) is ramified when dx = 1 mod 4. Hint: consider the 


diagram of fields 
K(i) 
ys 
QW) J 7 
Q 


If K C K(i) is unramified, show that 2 is unramified in K(i). But 2 rami- 
fies in Q(i). Exercise 5.15 will be useful. 

(b) Show that the extension is ramified when dx = 0 mod 8. Hint: if it’s 
unramified, show that the ramification index of 2 in K(i) is at most 2. 
Then use Exercise 6.7. 


Since an even discriminant is of the form 4N, where N = 2,3 mod 4, it follows 
from (a) and (b) that dy = 12 mod 16 when K C K‘(i) is unramified. 


6.9. In this exercise we will prove Lemma 6.8. 


(a) Prove that K C K(,/a) is unramified when a | dx and a = 1 mod 4. Hint: 
when 2 ¢ p, note that dx = ab, where K(./a) = K(Vb). 


(b) Assume that K C K(,/a) is unramified. Show that a | dx. Hint: if p is a 
prime such that p | a, p { dx, then analyze p in the fields 


K(Va) 


(c) Show that a may be chosen to be odd when dx is even. Hint: by Proposi- 
tion 5.16, 20¢ = p’, p prime in Ox. Set L = K(,/a) and let $$ be a prime 
of O, containing p. Then let K’ be the fixed field of the inertia group 
hg C Gal(L/Q). Show that 2 is not ramified in K’, so that K’ = Q(V/a’) 
for a’ odd. Proposition 5.10 will be useful. 

(d) Let K C K(,/a) be unramified, where a | dx is odd. 

(i) If a=3 mod 4, show that dx = 12 mod 16. Hint: apply (a) to —a, 
and then use Exercise 6.8. 

(ii) If dx = 12 mod 16, show that K(,/a) = K(vb), where b | dx and 
b=1 mod 4. Hint: factor dr. 


Lemma 6.8 follows easily from (a)—(d). 
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6.10. 


6.11. 
6.12. 
6.13. 


6.14. 
6.15. 


6.16. 
6.17. 


6.18. 
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If M is a Galois extension of Q and Gal(M/Q) ~ (Z/2Z)”, then show that 
M =Q(/ai,...,./Gm), a; € Z squarefree. 


Prove the description of the genus field M given in (6.9). 
Complete the proof of Theorem 6.1 when dx = 1 mod 4, dx < 0. 


Let K be an imaginary quadratic field of discriminant —4n. The description of 
the genus field M given in (6.9) gives us an isomorphism 


Gal(M/Q) —> {+1}. 
However, we also have maps 
C(—4n) —+ C(Ox) — Gal(M/K). 


If we combine these with the natural inclusion Gal(M/K) C Gal(M/Q), then 
we get a map 
C(—4n) — {+1}". 


Show that this map is exactly what Gauss used in his definition of genus. Hint: 
it’s fun to see the characters €, 6 and €6 from §3 reappear. For example, when 
n is odd, the key step is to show that 


(MA) = aeniayy 


for ideals a prime to 4n. The proof is similar to the proof of (6.13). 
Prove that the map (6.17) is an isomorphism. 


In this exercise we will study when the genus field equals the Hilbert class 
field. 


(a) Prove that the genus field of an imaginary quadratic field K equals its 
Hilbert class field if and only if for primitive positive forms of discrimi- 
nant dx, there is only one class per genus. 


(b) Of Gauss’ list of 65 convenient numbers n in §3, which satisfy the con- 
dition (5.2) that guarantees that —4n is a field discriminant? This gives 
us a list of fields where we know the Hilbert class field. 


Compute the Hilbert class fields of Q(./—6), Q(./—10) and Q(/—35). 


Let K = Q(./—14), and let L be the Hilbert class field of K. The genus field 
M of K is K(./—7) = K(V2), so that L is a degree 2 extension of M. Use the 
hints in the text to show that L = K(./u), where u = a+ bV2>0,a,b€ Z. 


In this exercise we will discover a primitive element for the Hilbert class field 
L of K = Q(/—14). From the previous exercise, we know that L = K(,/u), 
where u=a+bV/2>0,a,b € Z. Let u! =a—bv2. 


6.19. 


6.20. 


C. EXERCISES 119 


(a) Show that Gal(L/Q) is the dihedral group 
Gao S10 =1,07r S70") 


of order 8, where o(./u) = Vu’ and 7 is complex conjugation. Conclude 
that o?(./u) = —/uand r(Vu') = —Vu'. 

(b) Show that Q(./—7) is the fixed field of a? and or. 

(c) Show that uw’ is fixed by o? and o7, and then using 7, conclude that 
Vuu' = m/—7,m € Z. 


(d) Let N be the norm function on Q(/2), and let 7 = 2\/2 — 1. Note that 
N(m)= —7. Show that u = 7a, where N(a) = m?. Hint: Z[ V2] is a UFD. 
You may have to switch u and u’. 


(e) Assume that uv has no square factors in Z[\/2]. Then show that u = emn, 
where € is a unit and n is a squarefree integer prime to 14. Hint: use 
Proposition 5.16 to describe the primes in Z[/2]. 


(f) Show that n must be +1. Hint: note that ~O,= 7O,-nOy, is a square, 
and conclude that any prime dividing n ramifies in L. 


(g) Thus u = em by (f). All units of Z({V2] are of the form +(V2- 1)” (see 
Hasse [50, pp. 554-556]). Since N(u) = —7 and N(V2—- 1) = -1, we 
can assume u = 7 since u > 0. 


This proves that /u = \/7 = 2/2 — 1 is the desired primitive element. 


Adapt Exercises 6.17 and 6.18 to discover a primitive element for the Hilbert 
class field of Q(./—17). Hint: see Exercise 5.25. You may assume that the 
ring of integers in Q(/17) is a UFD and that the units in this ring are all of the 
form +(4+ V17 )™, m € Z (see Borevich and Shafarevich (8, p. 422]). This 
method will lead most naturally to u = 4+ 17, which is related to our earlier 
choice (1+ V17)/2 via 


(44 V17)- (14+ V17)/2 = (5+ V17)/2). 


This problem may also be done without using the fact that Q(V17) has class 
number | (see Herz [56]). 


Let K = Q(/—55). 


(a) Show that C(Ox) ~ Z/4Z. 


(b) Determine the Hilbert class field of K. Hint: use the methods of Propo- 
sition 5.31. Exercises 6.17 and 6.18 will show you what to look for. 


(c) Prove an analog of Theorem 5.33 for primes of the form x? + 55y. 
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In §5, we solved our basic question of p = x” + ny” for those n’s where Z[\/—n] is 
the full ring of integers Ox in K = Q(\/—n) (see (5.15)). This holds for infinitely 
many n’s, but it also leaves out infinitely many. The full story of what happens for 
these other n’s will be told in §9, and we will see that the answer involves the ring 
Z|/—n]. Such a ring is an example of an order in an imaginary quadratic field, 
which brings us to the main topic of §7. 

We begin this section with a study of orders in a quadratic field K. Unlike Ox, 
an order © is usually not a Dedekind domain, so that the ideal theory of O is more 
complicated. This will lead us to restrict the class of ideals under consideration. In 
the case of imaginary quadratic fields, there is a nice relation between ideals in orders 
and quadratic forms. In particular, an order O has an ideal class group C(O), and 
we will show that for any discriminant D < 0, the form class group C(D) from §3 
is naturally isomorphic to C(©) for a suitable order O. Then, to prepare the way 
for class field theory, we will show how to translate ideals for an order O in K into 
terms of the maximal order Ox. The section will conclude with a discussion of class 
numbers. 


A. Orders in Quadratic Fields 
An order O in a quadratic field K is a subset O C K such that 
(i) O is a subring of K containing 1. 
(ii) O is a finitely generated Z-module. 
(iii) O contains a Q-basis of K. 


Since O is clearly torsion-free, (ii) and (iii) are equivalent to O being a free Z-module 
of rank 2 (see Exercise 7.1). Note also that by (iii), K is the field of fractions of O. 

The ring Ox of integers in K is always an order in K—this follows from the 
description (5.13) of Ox given in §5. More importantly, (i) and (ii) above imply that 
for any order O of K, we have O C Ox (see Exercise 7.2), so that Ox is the maximal 
order of K. 

To describe orders in quadratic fields more explicitly, first note that by (5.14), the 
maximal order Ox can be written as follows: 


dk+vJd 
(7.1) Ox =[l,wx], wg = RAVE, 


where dx is the discriminant of K. We now describe all orders in quadratic fields: 
Lemma 7.2. Let O be an order in a quadratic field K of discriminant dx. Then O 
has finite index in Ox, and if we set f = [Ox : O], then 

O=Z+ fOx = (1, fwx], 


where wx is as in (7.1). 
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Proof. Since O and Ox are free Z-modules of rank 2, it follows that [Ox : O] < 00. 
Setting f = [Ox : O|, we have fOx C O, and then Z+ fOx C O follows. However, 
(7.1) implies Z+ fOx = [1, fwx], so that to prove the lemma, we need only show 
that [1, fwx] has index f in Ox =[1,wx]. This is obvious, and we are done. Q.E.D. 


’ Given an order © in a quadratic field K, the index f = [Ox : O] is called the 
conductor of the order. Another important invariant of O is its discriminant, which 
is defined as follows. Let a ++ a’ be the nontrivial automorphism of K, and suppose 
that O = (a, 6]. Then the discriminant of O is the number 


o-(w(2 )° 


The discriminant is independent of the integral basis used, and if we compute D 
using the basis O = [1, fw,] from Lemma 7.2, then we obtain the formula 


(7.3) D= f'dk. 


Thus the discriminant satisfies D = 0,1 mod 4. From (7.3) we also see that K = 
Q(VD), so that K is real or imaginary according to whether D > 0 or D < 0. In fact, 
one can show that D determines O uniquely and that any nonsquare integer D = 0, 1 
mod 4 is the discriminant of an order in a quadratic field. See Exercise 7.3 for proofs 
of these elementary facts. Note that by (7.3), the discriminant of the maximal order 
Ox is dx, which agrees with the definition given in §5. 

For an example of an order, consider Z[,/—n] C K = Q(,/—n). The discriminant 
of Z[/—n] is easily computed to be —4n, and then (7.3) shows that 


—4n = fd. 


This makes it easy to compute the conductor of Z[,/—n]. This order will be used in 
§9 when we give the general solution of p = x* +ny’. 

Now let’s study the ideals of an order O. If a is a nonzero ideal of O, then the 
proof of Corollary 5.4 adapts easily to show that O/a is finite (see Exercise 7.4). 
Thus we can define the norm of a to be N(a) = |O/a|. Furthermore, as in the proof 
of Theorem 5.5, it follows that O is Noetherian and that every nonzero prime ideal of 
O is maximal (see Exercise 7.4). However, it is equally obvious that if the conductor 
f of © is greater than 1, then © is not integrally closed in K, so that O is not a 
Dedekind domain when f > 1. Thus we may not assume that the ideals of O have 
unique factorization. 

To remedy this situation, we will introduce the concept of a proper ideal of an 
order. Namely, given any ideal a of O, notice that 


OC{BEK: Bac a} 


since a is an ideal of O. However, equality need not occur. For example, if O = 
Z|V —3] is the order of conductor 2 in K = Q(./—3), and ais the ideal of O generated 
by 2 and | + /—3, then one sees easily that 


OA{BEK: Baca} =Ox 
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(see Exercise 7.5). In general, we say that an ideal a of O is proper whenever equality 
holds, i.e., when 
O={BEK: Baca}. 


For example, principal ideals are always proper, and for the maximal order, all ideals 
are proper (see Exercise 7.6). 

We can also extend this terminology to fractional ideals. A fractional ideal of 
O is a subset of K which is a nonzero finitely generated O-module. One can show 
that every fractional ideal is of the form aa, where a € K* and a is an O-ideal (see 
Exercise 7.7). Then a fractional O-ideal 6 is proper provided that 


O={BEK: Bb d}. 


Once we have fractional ideals, we can also talk about invertible ideals: a frac- 
tional O-ideal a is invertible if there is another fractional O-ideal b such that ab = O. 
Note that principal fractional ideals (those of the form aO, a € K*) are obviously 
invertible. The basic result is that for orders in quadratic fields, the notions of proper 
and invertible coincide: 


Proposition 7.4. Let O be an order in a quadratic field K, and let a be a fractional 
O-ideal. Then a is proper if and only if a is invertible. 


Proof. If a is invertible, then ab = © for some fractional O-ideal 6. If 6 € K and 
Ba C a, then we have 


BO = 8(ab) = (Ba)b Cc ab= 0, 


and 6 € O follows, proving that a is proper. 
To argue the other way, we will need the following lemma: 


Lemma 7.5. Let K = Q(r) be a quadratic field, and let ax? + bx +c be the minimal 
polynomial of T, where a, b and c are relatively prime integers. Then [1,7] is a 
proper fractional ideal for the order (1, ar] of K. 


Proof. First, [1, a7] is an order since ar is an algebraic integer. Then, given 8 € K, 
note that 8[1,7] c [1,7] is equivalent to 


6-1€ {l,7] 
B-r é{l,7]. 


The first line says 8 = m+nr7, m,n € Z. To understand the second, note that 


Br =mr tar? =mr+—(—br—c) 
a 


—cn (= ) 
= ——+(—-+m)r. 
a a 


Since gcd(a, b,c) = 1, we see that Br € [1,7] if and only if a | n. It follows that 


{8 €K:All,7] c [1,7]} =[l,az7], 


B. ORDERS AND QUADRATIC FORMS 123 


which proves the lemma. Q.E.D. 


Now we are ready to prove that proper fractional ideals are invertible. First 
note that a is a Z-module of rank 2 (see Exercise 7.8), so that a = [a, 6] for some 
a,8 €K. Then a=ol[l1,7], where r = B/a. If ax*+bx+c, ged(a,b,c,) = 1, 
is the minimal polynomial of 7, then Lemma 7.5 implies that O = [1,a7]. Let 
8 — £' denote the nontrivial automorphism of K. Since 7’ is the other root of 
ax’ + bx +c, using Lemma 7.5 again shows that a’ = a’[1,7’] is a fractional ideal 
for [1,a7] = [l,ar’] = O. We claim that 


(7.6) aa’ = MO) 6, 


To see why, note that 
aaa’ = aaa’ [1,7][1,7"] = N(a)[a,at,ar’ arr’. 
Since 7 +7’ = —b/a and rr’ = c/a, this becomes 
aaa’ = N(a)[a,ar, —b,c] = N(a)[1,aT] = N(a)O 
since gcd(a,b,c) = 1. This implies (7.6), which shows that a is invertible. Q.E.D. 


Unfortunately, Proposition 7.4 is not strong enough to prove unique factorization 
for proper ideals (see Exercise 7.9 for a counterexample). Later we will see that 
unique factorization holds for a slightly smaller class of ideals, those prime to the 
conductor. 

Given an order O, let /(O) denote the set of proper fractional O-ideals. By Propo- 
sition 7.4, /(©) is a group under multiplication: the crucial issues are closure and the 
existence of inverses, both of which follow from the invertibility of proper ideals (see 
Exercise 7.10). The principal O-ideals give a subgroup P(O) c (OQ), and thus we 
can form the quotient 


C(O) =1(0)/P(O), 


which is the ideal class group of the order O. When O is the maximal order 
Ox,I(Ox) and P(Ox) will be denoted Ix and Px, respectively. This is the notation 
used in §5, and in general we reserve the subscript K exclusively for the maximal 
order. Then the above definition of C(Ox) agrees with the one given in §5. 


B. Orders and Quadratic Forms 


We can relate the ideal class group C(©) to the form class group C(D) defined in §3 
as follows: 


Theorem 7.7. Let O be the order of discriminant D in an imaginary quadratic 
field K. Then: 
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(i) If f(x,y) = ax? + bxy+ cy’ is a primitive positive definite quadratic form of 
discriminant D, then [a,(—b + VD) /2] is a proper ideal of O. 


(ii) The map sending f(x,y) to [a,(—b + VD)/2| induces an isomorphism between 
the form class group C(D) and the ideal class group C(O). Hence the order 
of C(O) is the class number h(D). 


(iii) A positive integer m is represented by a form f(x,y) if and only if m is the 
norm N(a) of some ideal a in the corresponding ideal class in C(O) (recall 
that N(a) = |O/al). 


Remark. Because of the isomorphism C(D) ~ C(Q), we will sometimes write the 
class number as A() instead of h(D). 


Proof. Let f(x,y) = ax” + bxy + cy’ be a primitive positive definite form of discrimi- 
nant D < 0. The roots of f(x, 1) = ax*+bx+c are complex, so that there is a unique 
7 €§ (bh is the upper half plane) such that f(7,1) = 0. We call 7 the root of f(x,y). 
Since a > 0, it follows that r = (—b + VD) /2a. Thus 


[a,(—b + VD) /2] = [a, ar] = a[1,7). 


Note also that 7 € K. 
To prove (i), note that by Lemma 7.5, a[1,7] is a proper ideal for the order [1, a7]. 
However, if f is the conductor of O, then D = f?dx by (7.3), and thus 


_—b+vD_ —b+ fvdx 
ae 2 

b+ fdx dx+<J/dx b+ fdx 
Sar ge Eo, aoe, 


at 


) = + fwr 
Since D = b* — 4ac, fdx and b have the same parity, so that (b+ fdx)/2 € Z. It 
follows that [1,a7] = [1, fw], so that [1,a7] = O by Lemma 7.2. This proves that 
a[1,7] is a proper O-ideal. 


To prove (ii), let f(x,y) and g(x,y) be forms of discriminant D, and let 7 and 7’ 
be their respective roots. We will prove the following equivalences: 


f(x,y), g(x,y) are properly equivalent 


(7.8) Pama a hl iC i) € SL(2,Z) 
rT+S rss 


<=> [1,7] =Al[l,7’], A © K*. 


To see why this is true, assume that f(x,y) = g(px+4qy,rx+ sy), where (24) € 
SL(2,Z). Then 


pr+q 
= f(r,1) =e(pr+qrr+s) =(rr+s)? 1 
(7.9) O= f(7,1) =g(pt+4,r7 +5) = (rT +5) “(2 = ). 
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so that g((pr +q)/(r7 +5), 1) =0. By an easy computation (see Exercise 7.11), 


(7.10) Im (H+) = det G d) |rr +s|~? Im(r). 
1T+S rss 


This implies (pr +q)/(r7 +5) € b, and thus 7’ = (pr+q)/(r7+5) by the uniqueness 
of the root 7’. Conversely, if 7’ = (pr +q)/(r7 +5), then (7.9) shows that f(x,y) 
and g(px+qy,rx+ sy) have the same root, and it follows easily that they must be 
equal (see Exercise 7.12). This proves the first equivalence of (7.8). 

Next, if 7’ = (pr +q)/(r7 +5), let X\=r7 +5 € K*. Then 


nH pt+q 
A[1,7'] = (r7 +5) E at] 


=[rr+s,pr+q] = [1,7] 


since (? 7) € SL(2,Z). Conversely, if [1,7] = A[1,7’] for some A € K*, then [1,7] = 
[A, Ar’], which implies 


Ar’ = pr+q 
A=rT+5 


for some (? 7) € GL(2,Z). This gives us 


a btt4a 
rr+s’ 


and then (7.10) shows that (? 4) € SL(2,Z) since r and r’ are both in §. This 
completes the proof of (7.8). 
Using (7.8), one easily sees that the map sending f(x,y) to a[1,7] induces an 
injection 
c(D) — C(O). 


To show that the map is surjective, let a be a fractional O-ideal. As in the proof of 
Proposition 7.4, we can write a = [a, 6] for some a, 6B € K. Switching a and if 
necessary, we can assume that tT = 8/a lies in h. Let ax* + bx +c be the minimal 
polynomial of 7. We may assume that gcd(a,b,c) = 1 anda > 0. Then f(x,y) = 
ax’ + bxy + cy’ is positive definite of discriminant D (see Exercise 7.12), and f (x,y) 
maps to a[l,7]. This ideal lies in the class of a = [a,6] = a[1,7] in C(O), and 
surjectivity is proved. 
We thus have a bijection of sets 


(7.11) C(D) > C(O). 


We next want to see what happens to the group structure, but we first need to review 
the formulas for Dirichlet composition from §3. Given two primitive positive definite 
forms f(x,y) = ax” + bxy + cy’ and g(x,y) = a'x* + b'xy + cy? of discriminant D, 
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suppose that gcd(a,a’,(b+b’)/2) = 1. Then the Dirichlet composition of f(x,y) and 
g(x,y) was defined to be the form 


B’-—D 
F = , B 2 
(x,y) =aa'x’ + Bry + Fy", 
where B is the unique number modulo 2aa’ such that 
B=b mod 2a 
(7.12) B=D’! mod 2a’ 
B’ = D mod 4aa’ 


(see Lemma 3.2 and (3.7)). In Theorem 3.9 we asserted that Dirichlet composition 
made C(D) into an Abelian group, but the proof given in §3 was not complete. So 
our first task is to use the bijection (7.11) to finish the proof of Theorem 3.9. 

Given f(x,y), g(x,y) and F(x, y) as above, we get three proper ideals of O: 


[a,(—b + f Vdx)/2], [a’,(—b' + f dx) /2] and [aa’, (—B+ f /dx)/2]. 
If we set A = (—B + f/dx)/2 and use the top two lines of (7.12), then these ideals 
can be written as 
[a, A], [a’, A] and [aa’, A}. 
We claim that 
(7.13) [a, A][a’, A] = [aa’, A). 
To see this, note that A? = —BA mod aa’ by the last line of (7.12). Thus 
fa, A)[a’, A) = faa’ aA, a’ A, A?) = [aa' ,aA,a'A,-BA). 


However, from (7.12) one easily proves that gcd(a,a’,B) = 1 (see Exercise 7.13), 
and then (7.13) follows immediately. 

By (7.11) and (7.13), we see that the Dirichlet composition of f(x,y) and g(x,y) 
corresponds to the product of their corresponding ideal classes, which proves that 
Dirichlet composition induces a well-defined binary operation on C(D). Further- 
more, since the product of ideals makes C(©) into a group, it follows immediately 
that C(D) is a group under Dirichlet composition. This completes the proof of The- 
orem 3.9, and it is now obvious that (7.11) is an isomorphism of groups. 

Before we can prove part (iii) of the theorem, we need to learn more about the 
norm N(a) = |O/a| of a proper O-ideal a. The basic properties of N(a) are: 


Lemma 7.14. Let O be an order in an imaginary quadratic field. Then: 
(i) N(aQ) = N(a) forae O,a #0. 
(ii) N(ab) = N(a)N(6) for proper O-ideals a and b. 


(iii) aa = N(a)O for a proper O-ideal a. 
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Proof. The proof of (i) is covered in Exercises 7.14 and 7.15. We will next prove a 
special case of (ii): if a 4 0 in O, we claim that 


(7.15) N(aa) = N(a)N(a). 
To prove this, note that the inclusions aa C aO C O give us the short exact sequence 
0 aO/aa > O/aa > O/aO — 0, 


which implies that |O/ aa| = |O/aO||aO/aa|. Since multiplication by a induces 
an isomorphism O/a — a©/aa, we get N(aa) = N(aO)N(a), and then (7.15) 
follows from (i). 
Before proving (ii) and (iii), we need to study N(a). If we write a in the form 
a = a[1,7], then Lemma 7.5 implies that O = [1,a7]. Since [a,aT] obviously has 
index a in [1,a7], we obtain 
N(all,7]) =a. 


Then a- a = a-ala,7] and (7.15) imply that 


NIG) 


(7.16) N(a)=— 


Now (iii) follows immediately by combining (7.16) with the equation 


proved in (7.6). Turning to (ii), note that (iii) implies that 


N(ab)O = ab - ab = aa - bb = N(a)O-N(b)O =N(a)N(b)O 
and then N(ab) = N(a)N(b) follows. Q.E.D. 


A useful consequence of this lemma is that if a is a proper O-ideal, then a gives the 
inverse of a in C(O). This follows immediately from aa = N(a)O. In Exercise 7.16 
we will use the isomorphism C(D) ~ C(O) to give a second proof of this fact. 

We can now prove part (iii) of the theorem. If m is represented by f(x,y), then 
m = d’a, where a is properly represented by f(x,y). We may assume that f(x,y) = 
ax + bxy+cy*. Then f(x,y) maps to a = a[1,7], so that N(a) = a by (7.16). It 
follows that N(da) = d?a =m, so that m is the norm of an ideal in the class of a. 

Comercly, assume that N(a) = m. We know that a = a[1,7], where Im(7) > 0 
and at? + br+c=0, ged(a,b,c) = 1 and a> 0. Then f(x,y) = ax” +bxy+ cy” 
maps to the class of a, so that we need only show that f(x,y) represents m. 

By (7.16), we know that 


maniaye Me), 
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However, a[{1,7] =a Cc O =[1,a7], so that a = p+ gar and at =r+sar for some 


integers p,g,r,s € Z. Thus (p+ qart)T =r-+sar, and since ar? = —bt —c, compar- 


ing coefficients shows that p = as + bq. Hence 


= Mo) *(p? — bpq +acq’) 
= =((as-+bq)?—blas-+ bq)q+acq?) 
= Aces + absq + acq’) 
= as’ +bsq+cq’ = f(s,q). 
This proves (iii) and completes the proof of Theorem 7.7. Q.E.D. 


Notice that Theorem 5.30 is an immediate corollary of Theorem 7.7. 
The map f(x,y) > a = [a,(—b + VD)/2] of Theorem 7.7 has a natural inverse 
which is defined as follows. If a = (a, 6] is a proper O-ideal with Im(G/a) > 0, then 


flsy) = aarane 


is a positive definite form of discriminant D. On the level of classes, this map is the 
inverse to the map of Theorem 7.7 (see Exercise 7.17). 

Theorem 7.7 allows us to translate what we know about quadratic forms into facts 
about ideal classes. Here is an example that will be useful later on: 


Corollary 7.17. Let O be an order in an imaginary quadratic field. Given a nonzero 
integer M, then every ideal class in C(O) contains a proper O-ideal whose norm is 
relatively prime to M. 


Proof. In Lemma 2.25 we learned that any primitive form represents at least one 
number relatively prime to M, and the corollary then follows from part (iii) of Theo- 
rem 7.7. Q.E.D. 


The reader may wonder if Theorem 7.7 holds for real quadratic fields. Simple ex- 
amples show that this isn’t true in general. For instance, when K = Q(/3), the max- 
imal order Ox = Z[V3] is a UFD, which implies that C(Ox) ~ {1}. Yet the forms 
+(x? — 3y*) of discriminant dx = 12 are not properly equivalent, so that C(dx) # {1} 
(see Exercise 7.18 for the details). In order to make a version of Theorem 7.7 that 
holds for real quadratic fields, we need to change the notion of equivalence. In Ex- 
ercises 7.19-7.24 we will explore two ways of doing this: 


1. Change the notion of equivalence of ideals. Instead of using all principal ide- 
als P(O), use only P*(Q), which consists of all principal ideals a@O where 
N(a) > 0. The quotient /(O)/P+(©) is the narrow (or strict) ideal class 
group and is denoted by C*(). In Exercise 7.21 we will construct a natural 
isomorphism C(D) ~ C+ (©) which holds for any order in any quadratic field 
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K. We also have Ct (O) = C(O) when K is imaginary, and the same is true 
when K is real and O has a unit € with N(«) = —1. If K has no such unit, then 
IC*(O)| = 2|C(O)|. 


2. Change the notion of equivalence of forms. Instead of using proper equiv- 
alence, use the notion of signed equivalence, where f(x,y) and g(x,y) are 
signed equivalent if there is a matrix (? 4) € GL(2,Z) such that 


F (x,y) = det ce ‘) 8(px + qy,rx + sy). 


The set of signed equivalence classes is denoted C,(D), and in Exercise 7.22 
we will see that there is a natural isomorphism C,(D) ~ C(Q). The criteria for 
when C,(D) = C(D) are the same as above. 


For other treatments of the relation between forms and ideals, see Borevich and 
Shafarevich [8, Chapter 2, §7.5], Cohn [19, §§14.A—C] and Zagier [111, §§8 and 
10}. 


C. Ideals Prime to the Conductor 


The theory described so far does not interact well with the usual formulation of class 
field theory. The reason is that class field theory is always stated in terms of the 
maximal order Ox. So given an order © in a quadratic field K, we will need to 
translate proper O-ideals into terms of Ox-ideals. This is difficult to do directly, but 
becomes much easier once we study O-ideals prime to the conductor. 

Given an order © of conductor f, we say that a nonzero O-ideal a is prime to 
f provided that a+ fO =O. The following lemma gives the basic properties of 
Q-ideals prime to the conductor: 


Lemma 7.18. Let O be an order of conductor f. 
(i) An O-ideal a is prime to f if and only if its norm N(a) is relatively prime to f. 
(ii) Every O-ideal prime to f is proper. 
Proof. To prove (i), let my : O/a + O/a be multiplication by f. Then 
a+ fO=O <=> mf is surjective <> my is an isomorphism. 


By the structure theorem for finite Abelian groups, m; is an isomorphism if and only 
if f is relatively prime to the order N(a) of O/a, and (i) is proved. 

To show that an O-ideal a prime to f is proper, let 8 € K satisfy Ga C a. Then 
8 is certainly in Ox, and we thus have 


BO = B(a+ fO) = Bat+ BfOC a + fOr. 


However, fOx Cc O, which proves that 8O Cc O. Thus 8 € O, which proves that a 
is proper. Q.E.D. 
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It follows that O-ideals prime to f lie naturally in /(O) and are closed under 
multiplication (since N(ab) = N(a)N(b) will also be prime to f). The subgroup of 
fractional ideals they generate is denoted /(O, f) C I(O), and inside of 1(O, f) we 
have the subgroup P(O, f) generated by the principal ideals a0 where a € O has 
norm N(q) prime to f. We can then describe C(O) in terms of 1(O, f) and P(O, f) 
as follows: 


Proposition 7.19. The inclusion I1(O,f) C I(O) induces an isomorphism 
1(O, f)/P(O,f) = (O)/P(O) =C(O). 


Proof. The map /(O, f) — C(O) is surjective by Corollary 7.17 (any ideal class 
in C(O) contains an Q-ideal prime to f), and the kernel is 1(O,f)MP(O). This 
obviously contains P(O, f), but the inclusion /(O, f) 1P(O) Cc P(O, f) needs proof. 
An element of 1(O, f) P(©) is a fractional ideal a = ab~', where a € K anda 
and b are O-ideals prime to f. Let m = N(b). Then mO = N(b)O = 66 lies in 
P(O, f), and we also have mb—! = b. Hence 


maO =a-mb-'=abcO, 


which proves that maO € P(O, f). Then a0 = maO -(mO)~! is also in P(O,f), 
and the proposition is proved. Q.E.D. 


For any order O, ideals prime to the conductor relate nicely to ideals for the max- 
imal order Ox. To explain this, we begin with a definition: given a positive integer 
m, an Ox-ideal a is prime to m provided that a+ mOx = Ox. As in Lemma 7.18, this 
is equivalent to gcd(N(a),m) = 1. Thus, inside of the group of fractional Ox-ideals 
Ix, we have the subgroup /x(m) C Ix generated by Ox-ideals prime to m. 


Proposition 7.20. Let O be the order of conductor f in an imaginary quadratic 
field K. Then: 


(i) If ais an Ox-ideal prime to f, then aN O is an O-ideal prime to f of the same 
norm. 


(ii) [fa is an O-ideal prime to f, then aOx is an Ox-ideal prime to f of the same 
norm. 


(iii) The map a+ aNO induces an isomorphism Ix(f) —> 1(O, f), and the inverse 
of this map is given by ar aOx. 


Proof. To prove (i), let a be an Ox-ideal prime to f. Since O/aNO injects into 
Ox/aand N(a) is prime to f, so is N(aMN OQ), which proves that aM O is prime to f. 
As for norms, consider the natural injection 


O/anO — Ox/a. 


Since a is prime to f, multiplication by f induces an isomorphism of Ox/a. But 
fOx Cc O, so that the above injection is also a surjection. This shows that the norms 
are equal, and (i) is proved. 
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To prove (ii), let a be an O-ideal prime to f. Since 
aOx + fOx = (a+ fO)Ox = OOK = Ox 


we see that aOx is also prime to f. The statement about norms will be proved below. 
Turning to (iii), we claim that 


a aOxNO=a _ when ais an O-ideal prime to f 
(7.21) 
(aNO)Ox=a when ais an Ox-ideal prime to f. 


We start with the top line. If a is an O-ideal prime to f, then 


a0OxnNO = (aOxNO)O 
= (aOxNO)(a+ fO) 
Cat f(aOxnNO) Ca+a- fOr. 


Since fOx C O, this proves that aOx MO C a. The other inclusion is obvious, so 
that equality follows. Turning to the second line of (7.21), let a be an Ox-ideal prime 
to f. Then 

a=a0=a(anO+ fO) Cc (aNnO)Ox + fa. 


However, fa Cc fOx C O, so that fa CaNO C (aNQ)Ox, and ac (aNO)Ox 
follows. The other inclusion is obvious, which finishes the proof of (7.21). Notice 
that (7.21) and (i) imply the norm statement of (ii). 

From (7.21) we get a bijection on the monoids of Ox- and O-ideals prime to f. If 
we can show that a> aM preserves multiplication, then we get an isomorphism 
Ix(f) ~ 1(O, f) (see Exercise 7.25). But multiplicativity is easy, for the inverse map 
at+ aQx is obviously multiplicative: 


(ab)Ox = aOx * bOx. 
This proves the proposition. Q.E.D. 


Using this proposition, it follows that every O-ideal prime to f has a unique de- 
composition as a product of prime O-ideals which are prime to f (see Exercise 7.26). 
We can now describe C(Q) in terms of the maximal order: 


Proposition 7.22. Let O be an order of conductor f in an imaginary quadratic field 
K. Then there are natural isomorphisms 


C(O) ~1(0, f)/P(O,f) = Ix(f)/Pr2(f), 


where Px z(f) is the subgroup of Ix(f) generated by principal ideals of the form 
aOx, where a € Ox satisfies a =a mod fOx for an integer a relatively prime to f. 


Remark. To keep track of the various ideal groups, remember that the subscript K 
refers to the maximal order Ox (as in Ix, Ix(f), etc.), while no subscript refers to the 
order O (as in 1(O), 1(O, f), etc.). 
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Proof. The first isomorphism comes from Proposition 7.19. To prove the second, 
note that a+» aOx induces an isomorphism 1(O, f) ~ Ix(f) by Proposition 7.20. 
Under this isomorphism P(O, f) C 1(O, f) maps to a subgroup P C Ix(f). It remains 
to prove P = Px 2(f). 

We first show that for a € Ox, 


(7.23) a@=amod fOx, a€Z, ged(a, f) =1<— > a € O, ged(N(a), f) = 1. 


Going one way, assume that a = a mod fOx, where a € Z is relatively prime to f. 
Then N(a) =a? mod f follows easily (see Exercise 7.27), so that ged(N(a), f) = 
gcd(a?, f) = 1. Since fOx C O, we also see that a € O. Conversely, let a € O = 
[1, fwx] have norm prime to f. Writing a = a+bfwg, we see that a =a mod fOx. 
Since gcd(N(q@), f) = 1 and N(a) = a* mod f, we must have gcd(a, f) = 1. This 
completes the proof of (7.23). 

We know that P(O, f) is generated by the ideals a0, where a € O and N(a) is 
relatively prime to f. Thus P is generated by the corresponding ideals aOx, and by 
(7.23), this implies that P = Px,z(f). Q.E.D. 


In §9 we will use this proposition to link C(O) to the class field theory of K. For 
other discussions of the relation between ideals of O and Ox, see Deuring [24, §8] 
and Lang [73, §8.1]. 


D. The Class Number 


One of the nicest applications of Proposition 7.22 is a formula for the class number 
h(O) in terms of its conductor f and the class number h(Ox) of the maximal order. 
Before we can state the formula, we need to recall some terminology from §5. Given 
an odd prime p, we have the Legendre symbol (dx /p), and for p = 2 we have the 
Kronecker symbol: 


4 0 if 2 | dx 
(F) =< 1 ifdg=1mod8 
—1 if dx =5 mod 8. 
(Recall that dx = 1 mod 4 when dx is odd.) We can now state our formula for h(O): 


Theorem 7.24. Let O be the order of conductor f in an imaginary quadratic field K. 


Then 
ae = pp er(! ey 


Furthermore, h(Q) is always an integer multiple of h(Ox). 


Proof. By Theorem 7.7 and Proposition 7.22, we have 


h(O) = |C(O)| = x (F)/Px2(P)| 
h(Ox) = |C(Ox)| = Ux /Prl- 
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Since Ix(f) C Ix and Px,z(f) C Ik(f) O Px, we get an exact sequence 


O —> Ix(f)OPx/Px,2(f) —> Ix(f)/Px,z(f) —> Ix/Pr 
(7.25) 42 42 
We know from Corollary 7.17 that every class in C(Ox) contains an Ox-ideal whose 


norm is relatively prime to f. This implies that C(O) — C(Ox) is surjective, which 
proves that h(Ox) divides h(O). Furthermore, (7.25) then implies that 


(7.26) Woy = He Pa/ Pe 2) 


It remains to compute the order of Ix(f) Px /Px,z(f). The key idea is to relate this 
quotient to (Ox/fOx)*. 

Given [a] € (Ox/fOx)*, the ideal aOx is prime to f and thus lies in Ix(f)M Px. 
Furthermore, if a = 8 mod fOx, we can choose u € O with ua = uf = 1 mod fOx. 
Then the ideals uaOx and u8Ox lie in Pxz(f), and since 


aOk -uBOK = BOK -uaOg, 
aOx and BOx lie in the same class in Ix (f) M Px /Px,z(f). Consequently, the map 
: (Ox/fOK)* — Ik(f) OPK /Px,2(f) 


sending [a] to [aOx] is a well-defined homomorphism. 

We will first show that ¢ is surjective. An element of [x(f) Px can be written as 
aOx = ab~!, where a € K and a and 6 are Ox-ideals prime to f. Letting m= N(6), 
we’ve seen that 6 = mb—!, so that maOx = ab, which implies that ma € Ox. Note 
also that maQOx is prime to f. Since mOx € Px,z(f), it follows [aOx| = [maOx] = 
¢([ma}), proving that ¢ is surjective. 

To determine the kernel of ¢, we will assume that O% = {+1} (by Exercise 5.9, 
this means that K # Q(./—3) or Q(i)). In this case we will show that there is an 
exact sequence 


(7.27) 1 —+ (Z/fZ)* “+ (Ox/ fOx)* + Ix(f) Px /Paz(f) — 1 


where 7 is the obvious injection. The definition of Px.z(f) makes it clear that im(~) 
C ker(#). Going the other way, let [a] € ker(¢). Then aOx € Px z(f), ie., ©Ox = 
BOx-y~'Ox, where 8 and ¥ satisfy 8 = b mod and fOx and y =c mod fOx for 
some [b] and [c] in (Z/fZ)*. Since Of = {+1}, it follows that a = +87 ~!, and 
one then easily sees that [b][c]~! € (Z/fZ)* maps to [a] € (Ox / fOx)*. This proves 
exactness. 

It is well-known that 


\(2/f2)"| TI (1-2), 


P\f 
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and in Exercises 7.28 and 7.29 we will show that 


couyuri=P1(1-2) (-(4)2) 


pif 


Using these formulas and (7.26), we obtain 


HP) _ -sTI(1- (*) 
(dr) = eC Pel Peat l= ATT (1 (7) ) 


which proves the desired formula since |O%| = |O*| = 2. In Exercise 7.30 we will 
indicate how to modify this argument when Of # {+ 1}. QE.D. 


This theorem may also be proved by analytic methods—see, for example, Zagier 
(111, §8, Exercise 8]. 
By Theorem 7.24, we can relate the class numbers h(m?D) and h(D) as follows: 


Corollary 7.28. Let D = 0,1 mod 4 be negative, and let m be a positive integer. 


Then h(D)m oi 
MP pom (!- (3) 


where O and ©’ are the orders of discriminant D and m?D, respectively (and O' has 
index m in O). 


Proof. Suppose that the order © has discriminant D and conductor f. Then the 
order ©' C O of index m has discriminant m?D and conductor m/f, and the corollary 
follows from Theorem 7.24 (see Exercise 7.31). This corollary is due to Gauss, and 
his proof may be found in Disquisitiones [41, §§254—256]. Q.E.D. 


The only method we learned in §2 for computing class numbers h(D) for D < 0 
was to count reduced forms. This becomes awkward as |D| gets large, but other 
methods are available. By Theorem 7.24, we are reduced to computing h(dx), and 
here one has the classic formula 


Ox d 
(7.29) nde) =~ 5 (F)n. 
n=1 


where (dx /n) is defined for n = p, --: p,, p; prime, by (dx /n) = ITj_,(dx/pi). This 
formula is usually proved by analytic methods (see Borevich and Shafarevich (8, 
Chapter 5, Section 4], or Zagier [111, §9]), but there is also a purely algebraic proof 
(see Orde [83]). 

While (7.29) enables us to compute h(dx) for a given imaginary quadratic field, 
it doesn’t reveal the way h(dx) grows as |dx| gets large. Gauss noticed this growth 
empirically in Disquisitiones [41, §302], but there were no complete proofs until the 
1930s. The best result is due to Siegel [92], who proved in 1935 that 

logh(dx) 1 


iy oeoo loglay| 2. 
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This implies that given any € > 0, there is a constant C(€) such that 
h(dx) > C(€)|dx|/)-* 


for all field discriminants dx < 0. Unfortunately, the constant C(e) in Siegel’s proof 
is not effectively computable given what we currently know about L-series (these 
difficulties are related to the Riemann Hypothesis). However, work by Goldfeld, 
Gross, Zagier and Oesterlé in the 1980s led to the weaker formula 


h(dx) > W98léel I Geo 


p+ 


P\dx ,p<dx 


where [  ] is the greatest integer function and log is to the base e. For a fuller 
discussion of this result and its implications, see Oesterlé [81, A17] and Zagier [112]. 

These results on the growth of h(dx) imply that there are only finitely many orders 
with given class number h (see Exercise 7.32). Nevertheless, even when h is small, 
determining exactly which orders have class number h remains a difficult problem. 
For the case of class number 1, the answer is given by the following theorem due 
independently to Baker [3], Heegner [52] and Stark [96]: 


Theorem 7.30. 
(i) If K is an imaginary quadratic field of discriminant dx, then 
h(dx) =1 <=> dx = —3,—4,—-7,-8,—11, -19, —43, —67, —163. 
(ii) IfD =0,1 mod 4 is negative, then 


h(D) =1 <> D=-3,-4,-7,—-8,—11, 12,16, 
— 19, —27, —28, —43, -67, —163. 


Proof. First note that (i) = (ii). To see why, assume that h(D) = 1. If we write 
D = fdg, then Theorem 7.24 tells us that h(dx)|h(D), and thus h(dx) = 1. By (i), 
this determines the possibilities for dx, but we still need to see which conductors 
f > 1 can occur. First, suppose that OF = {+1}. If f > 2, then 


a(r-(@)3)> 


p\lf 


so that by Theorem 7.24, this case can be excluded. One then calculates directly (us- 
ing (i) and Theorem 7.24) that f = 2 happens only when dx = —7, i.e., D = —28. The 
argument when Of # { +1} is similar and is left to the reader (see Exercise 7.33). 
The proof of (i) is a different matter. When the discriminant is even, the theorem 
was proved in §2 by an elementary argument due to Landau (see Theorem 2.18). But 
when the discriminant is odd, the proof is much more difficult. In §12 we will give a 
complete proof of (i) using modular functions and complex multiplication. Q.E.D. 
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E. Exercises 


7.1. Let K be a finite extension of Q of degree n, and let M C K be a finitely 
generated Z-module. 
(a) Prove that M is a free Z-module. 
(b) Prove that M has rank n if and only if M contains a Q-basis of K. 


7.2. Let O be an order in a quadratic field K. Prove that O C Ox. 


7.3. This exercise is concerned with the conductor and discriminant of an order O 
in a quadratic field K. Let a ++ a’ be the nontrivial automorphism of K. 


(a) If O = [a, f], then the discriminant is defined to be 


o=(ia(s 8) 


Prove that the D is independent of the basis used and hence depends only 
on 0. 


(b) Use the basis O = [1, fwx] from Lemma 7.2 to prove that D = f*dx. 


(c) Use (b) and Lemma 7.2 to prove that an order in a quadratic field is 
uniquely determined by its discriminant. 


(d) If D=0,1 mod 4 is nonsquare, then show that there is an order in a 
quadratic field whose discriminant is D. 


7.4, Let O be an order in a quadratic field K. 


(a) If a is a nonzero ideal of O, prove that a contains a nonzero integer m. 
Hint: take a € a, and use Lemma 7.2 to show that a’ € O, where a a’ 
is the nontrivial automorphism of K. 


(b) Ifa is a nonzero ideal of O, show that O/a is finite. Hint: take the integer 
m from (a) and show that O/mO is finite. 


(c) Use (b) to show that every nonzero prime ideal of O is maximal. 


(d) Use (b) to show that O is Noetherian. 


7.5. Let K = Q(V—3), and let a be the ideal of O = Z/,/—3] generated by 2 and 
1+ /—3. Show that 


{8EK:Bacas=Ox #0. 


7.6. Let K be a quadratic field. 


(a) Show that for any order of K, principal ideals are always proper. 


(b) Show that for the maximal order Ox, all ideals are proper. 


7.7. 


7.8. 


7.9. 


7.10. 


7.41, 
7.42. 


7.13. 


7.14. 
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Let O be an order of K, and let b C K be an O-module (note that b need not be 
contained in ©). Show that 6 is finitely generated as an O-module if and only 
if b is of the form aa, where a € K and a is an O-ideal. 


Show that a nonzero fractional O-ideal a is a free Z-module of rank 2 when K 
is a quadratic field. Hint: use the previous exercise and part (b) of Exercise 7.4. 


Let O = Z[V—3], which is an order of conductor 2 in the imaginary quadratic 
field K = Q(/—3). 


(a) Show that C(O) ~ {1}, so that the proper ideals of O are exactly the 
principal ideals. Hint: use Theorem 7.7 and what we know from §2. 


(b) Show that if unique factorization holds for proper ideals of O, then O is 
a UFD. 


(c) Show that 2, 1 -++/—3 and | — /—3 are irreducible (in the sense of §4) 
in O. Since 4 = 2-2 = (1+ V—3)(1 — V—3), this shows that O is not a 
UFD. 


This example shows that unique factorization can fail for proper ideals. 


If a and b are invertible fractional ideals for an order ©, then prove that ab 
and a~! (where a! is the fractional O-ideal such that aa~! = ©) are also 
invertible fractional O-ideals. 


Prove (7.10). 


Let f(x,y) = ax’ + bxy + cy? be a quadratic form with integer coefficients, and 
let r be a root of ax? + bx +c =0. 


(a) Prove that f(x,y) is positive definite if and only if a > 0 andr ¢ R. 

(b) When f(x,y) is positive definite and gcd(a,b,c) = 1, prove that the dis- 
criminant of f(x,y) is D, where D is the discriminant of the order O = 
[1, az]. 

(c) Prove that two primitive positive definite forms which have the same root 
T must be equal. 


Let ax? + bxy + cy’ and a'x’ + b'xy + c'y’ be two primitive positive definite 
forms of the same discriminant. Assume that gcd(a,a’, (b+ b’)/2) = 1, and 
let B be the unique integer modulo 2aa’ which satisfies the three conditions of 
(7.12). Prove that gcd(a,a’,B) = 1. 


Let O = [1,u] be an order in a quadratic field, and pick a=a+bueO,a40. 
Since O is a ring, au can be written au =c+du. 


(a) Show that N(a) = ad — bce #0. 


(b) Since aO = [a, au] = [a+ bu,c+du] C O =[1,u] and ad — bc £0, it is 
a standard fact (proved in Exercise 7.15) that |O/a@O| = |ad — bc|. Thus 
(a) proves the general relation that N(aO) = |N(a)|. 
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7.15. Let M = Z?, and suppose that A = (4°) is an integer matrix with det(A) = 
ad —bc #0. Writing M = [e1,e2], note that AM = [ae, + ce2, be; + de]. Our 
goal is to prove that |M/AM| = |det(A)]. 


(a) Show that the result is true when c = 0. Hint: use the division algorithm 
to write an element of M as ue; + ve + w(be; + dez) where u,v,w € Z 
and0<v< |d|. 

(b) Let B € GL(2,Z). Show that the result is true for A if and only if it is 
true for BA. Hint: use the automorphism of M induced by B. 


(c) Explain how to find B € GL(2,Z) such that BA = (% &,). Hint: ifc #0, 
prove that there exists B € GL(2,Z) such that BA = (4, &) with |c’| < |c|. 
This is easy to do when |a| < |c] (swap rows) and not difficult when 
|a| > |c| (dividing by a by c tells you which row operation to use). 


(d) Conclude that |M/AM| = |det(A)|. 
7.16. Let O be the order of discriminant D in an imaginary quadratic field K, and let 


a be a proper O-ideal. In this exercise we will give two proofs that the class of 
@ is the inverse of the class of a in C(O). 


(a) Prove this assertion using part (iii) of Lemma 7.14. 


(b) In §3, we proved that the class of the opposite form ax” — bxy + cy’ is the 
inverse of the class of the form ax” + bxy + cy’. Using the isomorphism 
C(D) ~ C(O) from Theorem 7.7, show that the class of @ is the inverse 
of the class of a in C(O). 


7.17. Let O be the order of discriminant D in the imaginary quadratic field K. 


(a) Show that the map sending the proper O-ideal a = [a, (] to the quadratic 


form M By) 
_ N(ax— By 
f(x,y) ~~ N(a) 

induces a well-defined map C(O) — C(D) which is the inverse of the 
map ax? + bxy+cy* + [a,(—b + VD)/2] of Theorem 7.7. Hint: use 
(7.16) and Exercise 7.12. ; 

(b) Give examples to show that the map ax? + bxy + cy” + [a,(—b+ VD) /2] 
of Theorem 7.7 is neither injective nor surjective on the level of forms 
and ideals. 


7.18. The field K = Q(/3) has discriminant dx = 12, and Ox = Z[V3] by (5.13). 


(a) Use the absolute value of the norm function to show that Ox is Euclidean, 
and conclude that C(Ox) ~ {1}. 

(b) Show that the form class group C(dx) = C(12) is nontrivial. Hint: show 
that the forms +(x? — 3y”) are not properly equivalent. You will need to 
show that the equation a” — 3c? = | has no solutions. 


This shows that C(dx) % C(Ox) for K = Q(V3). 


7.19. 


7.20. 


7.21. 
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In Exercises 7.19—7.24 we will explore two versions of Theorem 7.7 that hold 
for real quadratic fields K. To begin, we will study the orientation of a basis 
a, 8 of a proper ideal a = (a, 6] of an order O in K. Let a++ a’ denote the 
nontrivial automorphism of K. 


(a) Prove that a’ 8 — a’ € R*. We then define sgn(a, 8) to be the sign of 
the nonzero real number a’ 3 — af’. 

(b) Let (2 q) € GL(2,Z), and set @ = pa+qf, B=ra+s8. Note that 
a = [a, 8] = [&, 8]. Prove that 


sgn(a, 8) = det @ ‘) sgn(a, 3). 


We say that a, @ are positively oriented if sgn(a, @) > 0 and negatively ori- 
ented otherwise. By (b), two bases of a have the same orientation if and only 
if their transition matrix is in SL(2,Z). 


Theorem 7.7 was proved using a map from quadratic forms to ideals. In the 
real quadratic case, such a map is harder to describe (see Exercise 7.24), but 
it is relatively easy to go from ideals to forms. The goal of this exercise is to 
show how this is done. Let © be an order in a real quadratic field K, and let 
a = [a, 3] be a proper O-ideal. Then define the quadratic form f(x,y) by the 


formula 
N(ax— By) 
N(a) | 
At this point, all we know is that f(x,y) has rational coefficients. Let 7 = 8/a, 


and let ax” + bx +c be the minimal polynomial of 7. We can assume that 
a,b,c € Z, a > Oand gced(a,b,c) = 1. 


f(x,y) = 


(a) Prove that N(a) = |N(a)|/a. Hint: adapt the proof of (7.16) to the real 
quadratic case. Exercise 7.14 will be useful. 


(b) Use (a) to prove that f(x,y) = sgn(N(a))(ax” + bxy+ cy). Thus f(x,y) 
has relatively prime integer coefficients. 


(c) Prove that the discriminant of f(x,y) is D, where D is the discriminant 
of O. Hint: see Exercise 7.12. 


In this exercise we will construct a bijection Ct (O) ~ C(D), where Ct (O) is 
defined in the text. 


(a) Let a be a proper O-ideal, and write a = [a, 8] where sgn(a, 3) > 0 (see 
Exercise 7.19). Then let f(x,y) be the corresponding quadratic form 
defined in Exercise 7.20. If &, 6 is another positively oriented basis of 
a, then show that the corresponding form g(x,y) from Exercise 7.20 is 
properly equivalent to f(x,y). Furthermore, show that all forms properly 
equivalent to f(x,y) arise in this way. 
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(b) If \ € O and N(A) > 0, then show that Aa gives the same class of forms 
as a. Hint: show that sgn(Aaq, Af) = sgn(N(A))sgn(a, 8). 


(c) From (a), (b) and Exercise 7.20 we get a well-defined map Ct (OQ) > 
C(D). To show that the map is injective, suppose that a and a give the 
same class in C(D). By (a), we can choose positively oriented bases 
a = [a, 8] and a = [G, 6] which give the same form f(x,y). 


(i) Using Exercise 7.19, show that sgn(N(a@)) = sgn(N(a@)). Hence 
N(ad&) > 0. Then replacing a and @ by ada and a4 respectively 
allows us to assume that a = G, i.e., a = [a, 6] and a = [a, f). 

(ii) Let t = B/a and = = B/a. Show that f(r, 1) = f(7,1) =0, so that 
7 =7 or7’. Then show that ¢ = 7’ contradicts sgn(a, 3) > 0, which 
proves that 6 = B. 


(d) To prove surjectivity, let f(x,y) = ax? + bxy + cy” be a form of discrim- 
inant D, and let r be either of the roots of ax? + bx+c = 0. First show 


that ar € O. Then define an O-ideal a as follows: if a > 0, then 


~ 


a = [a,aT] where f(r, 1) =0, sgn(1,7) > 0, 
and if a < 0, then 
a=J/dx[a,at]| — where f(r, 1) = 0, sgn(1,7) <0. 


Show that a is a proper O-ideal and that the form corresponding to a 
from Exercise 7.20 is exactly f(x,y). 


This completes the proof that Ct (O) — C(D) is a bijection. 


7,22. In this exercise we will construct a bijection C(O) ~ C,(D), where C,(D) is 
defined in the text. Our treatment of C,(D) is based on Zagier [111, §8]. 


(a) Let a = [a, 6] be a proper O-ideal, where this time we make no assump- 
tions about sgn(a, 8). Define f(x,y) to be the quadratic form 


Fly) =sen(a, 8), 


which by Exercise 7.20 has relatively prime integer coefficients and dis- 
criminant D. Show that as we vary over all bases of a, the corresponding 
forms vary over all forms signed equivalent to f(x,y). 


(b) Show that the map a+> f(x,y) from (a) induces a well-defined bijection 
C(O) ~ C,(D). Hint: adapt parts (b)—-(d) of Exercise 7.21. 


7.23. This exercise will study the relations between C(Q),Ct (O),C(D) and C,(D). 


(a) Let K be an imaginary quadratic field. 
(i) Show that P+(O) = P(O), so that C* (O) always equals C(O). 
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(ii) The relation between C(D) and C,(D) is more interesting. Namely, 
in C(D), we had to explicitly assume that we were only dealing with 
positive definite forms. However, in C,(D), one uses both positive 
definite and negative definite forms. Show that any negative definite 
form is signed equivalent to a positive definite one, and conclude 
that C(D) ~ C,(D). 

(b) Now assume that K is a real quadratic field. 


(i) Show that there are natural surjections 
ct(O) — C(O) 
C(D) — C,(D) 


which fit together with the bijections of Exercises 7.21 and 7.22 to 
give a commutative diagram 


ct(O) —> C(D) 
+ + 
C(O) -%+ C,(D). 
(ii) Show that the kernel of Ct(O) + C(O) is P(O)/P+(O) and that 
P(O) = P+ (O)U VdxP* (©). Then conclude that 


Ict(O)| _ f1 if O has a unit of norm —1 
IC(O)| 2 _ otherwise. 


(iii) From (i) and (ii), conclude that 


IC(D)| _ f1 if O has a unit of norm —1 
IC.(D)| | 2 otherwise. 


7.24. Write down inverses to the bijections Ct(O) — C(D) and C(O) + C,(D) 
of Exercises 7.21 and 7.22. Hint: see part (d) of Exercise 7.21. Note that the 
answer is more complicated than the map ax” + bry +cy* > [a,(—b+ VD) /2] 
of Theorem 7.7. 


7.25. Let ¢: {Ox-ideals prime to f} — {O-ideals prime to f} be a bijection which 
preserves multiplication. Show that we can extend ¢ to an isomorphism ¢: 


Ik(f) > 1(0,f). 
7.26. Let O be an order of conductor f. 


(a) Let a be an ideal of O which is relatively prime to f. Prove that a is a 
prime O-ideal if and only if aOx is a prime Ox-ideal. Hint: use Propo- 
sition 7.20 to show that O/a ~ Ox /aOx. 

(b) Use (a) and the unique factorization of ideals in Ox to show that O-ideals 
relatively prime to the conductor can be factored uniquely into prime O- 
ideals (which are also relatively prime to f). 
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7.27. If a, 8 € Ox and a= 8 mod mOx for some integer m, then prove that N(a) = 
N(8) mod m. 


7.28. Let K be a quadratic field, and let p be prime in Ox. The goal of this exercise 
is to prove that 


\(Ox/p")*| = N(p)"~'(N(p) — 1). 
The formula is true if n = 1, and the general case follows easily by induction 
once we prove that there is an exact sequence 


1 — Ox/p + (Ox/p")* — (Ox/p"')* 1 


for n > 2. For the rest of the exercise fix an integer n > 2. 


(a) Show that (Ox /p")* + (Ox/p"—!)* is onto. Hint: take an element [a] € 
(Ox/p"~!)*, which means that af = 1+-y, where 8 € Ox andy € p"—!. 
Then show that a(6 + yd) — 1 € p” for some 6 € Ox. 


(b) By unique factorization, we know that p” is a proper subset of p”~'. Pick 
u€p"—! such that u ¢ p”. 


(i) Given a € Ox, show that [1 + au] € (Ox /p")*. 


(ii) From (i), it is easy to define a map ¢ : Ox/p > (Ox/p")*. With this 
definition of ¢, show that the above sequence is exact. 


7.29, Let K be an imaginary quadratic field. 


(a) Let a = [Jj_, p;’ be the factorization of a into powers of distinct primes. 
Show that there is a natural isomorphism 


Ox/a~][(Ox/9- 
i=1 


This is the Chinese Remainder Theorem for Ox. Hint: it is easy to con- 
struct a map and show it is injective. Then use part (ii) of Lemma 7.14. 


(b) Use (a) and the previous exercise to show that if a is a nonzero ideal of 


Ox, then 
hee 7 1 
|(Ox/a)*| = N(a) I (1 wa) : 


Notice the similarity to the usual formula for ¢(n) = |(Z/nZ)*|. 


(c) If m is a positive integer, conclude that 
1 dx\ 1 
Ox /mOx)*| =m (1-2) (1-()<), 
(Ox /mOx)*| II F mee 


where (dx / p) is the Kronecker symbol when p = 2. 
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7.30. Let K be any quadratic field, and let f be a positive integer. 
(a) Use the obvious maps 
{+1} —> (Z/fZ)* x O¢ 
(Z/fZ)" x Ox —* (Ox/fOx)" 
and the maps from (7.27) to prove that there is an exact sequence 
1 —> {+1} — (Z/fZ)* x Of —> (Ox/fOx)* 
— Ik(f) Px /Px,z(f) — 1. 


Notice that when Of = {+1}, this sequence is equivalent to (7.27). 
(b) Use the exact sequence of (a) to prove Theorem 7.24 for all imaginary 
quadratic fields. 
7.31. Prove Corollary 7.28. 


7.32. In this exercise we will use the inequality 


log |dx| [2/P| 
(x) Kd) > eee 
* 55 a ( pti ) 


to study the equation h(dx) = h, where h > 0 is a fixed integer and dx varies 
over all negative discriminants. 

(a) Show that 1 — [2,/p]/(p +1) > 1/2 when p > 11. 

(b) If h(dx) =h, then use (a) and genus theory to conclude that 
(ec 


1] — 3-22(h)+2’ 
pldx ,p<dx Es 


where 12(h) is the highest power of 2 dividing h. Hint: use Theo- 
rems 3.15 or 6.1 to show that dx is divisible by at most 12(h) + 1 distinct 
primes. 


(c 


wS 


If h(dx) = h, then show that (*) gives us the following estimate for |dx|: 
ldx| < i622 2p 
It follows that there are only finitely many negative discriminants with 
class number at most h. Unfortunately, this bound is rarely useful in 
practice. On the other hand, a more careful analysis of («) can be used to 
prove |dx| < e!®© when h = 3 (see Oesterlé [A17]). As Oesterlé explains 
in [81], this is strong enough to solve the class number 3 problem. 
(d) If h is fixed and D=0,1 mod 4 varies over all negative integers, show 
that the equation h(D) = h has only finitely many solutions. Hint: use 
genus theory to bound the number of primes dividing D, and then use 
Theorem 7.24. 


7.33. In Theorem 7.30, complete the proof of (i) => (ii) sketched in the text. 
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§8. CLASS FIELD THEORY AND THE CEBOTAREV DENSITY THEOREM 


In this section we will present a classical formulation of class field theory, where 
Abelian extensions of a number field are described in terms of certain generalized 
ideal class groups. After stating the main theorems (without proof), we will illustrate 
their use by proving the Kronecker—Weber Theorem and the existence of the Hilbert 
class field. We will then discuss generalized reciprocity theorems for the nth power 
Legendre symbol (a/p),, and show how quadratic reciprocity follows from class field 
theory. 

The Cebotarev Density Theorem hasn’t been mentioned before, but it provides 
some important information about the behavior of the Artin map. One of its classic 
applications is Dirichlet’s theorem on primes in arithmetic progressions, and in §9 
we will use the same methods to study primes represented by a given quadratic form. 
Another consequence of the Density Theorem is that a Galois extension of a number 
field is determined uniquely by the primes in the base field that split completely 
in the extension. As we will see, this is closely related to our basic problem of 
characterizing the primes represented by x? + ny”. 

Our account of class field theory will be incomplete in several ways. At the end 
of the section we will discuss two of the most obvious omissions, norms and ideles. 


A. The Theorems of Class Field Theory 


We begin our treatment of class field theory with the notion of a modulus. Given a 
number field K, a modulus in K is a formal product 


m= I] pr 
p 
over all primes p, finite or infinite, of K, where the exponents must satisfy: 
(i) ny > 0, and at most finitely many are nonzero. 
(ii) Np =O wherever p is a complex infinite prime. 


(iii) mp < 1 whenever p is a real infinite prime. 


A modulus m may thus be written mom.., where mo is an Ox-ideal and may is a 
product of distinct real infinite primes of K. When all of the exponents ny are zero, 
we set m = 1. Note that for a purely imaginary field K (the case we’re most interested 
in), a modulus may be regarded simply as an ideal of Ox. 

Given a modulus m, let /x(m) be the group of all fractional Ox-ideals relatively 
prime to m (which means relatively prime to mo), and let Px ,;(m) be the subgroup of 
Ix(m) generated by the principal ideals (Ox, where a € Ox satisfies 


a@=1modmp and o(a) > 0 for every real infinite prime o dividing m.o. 


A basic result is that Px,;(m) has finite index in Jx(m). When K is imaginary 
quadratic, this is proved in Exercise 8.1, while the general case may be found in 
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Janusz [62, Chapter IV.1]. A subgroup H C Ix(m) is called a congruence subgroup 
for m if it satisfies 
Px x(m) CHc Tx(m), 


and the quotient 
I(m)/H 


is called a generalized ideal class group for m. 

For an example of these concepts, consider the modulus m = 1. Then Px = Px 1 (1) 
is a congruence subgroup, so that the ideal class group C(Ox) = Ik /Px is a gener- 
alized ideal class group. We also get some interesting examples from §7. Let O be 
an order of conductor f in an imaginary quadratic field K. In Proposition 7.22 we 
proved that the ideal class group C(O) can be written 


C(O) = Ix(f)/Pxz(f), 


where Px z(f) is generated by the principal ideals aOx for a =a mod fOx,a€ Z 
and gcd(a, f) = 1. If we use the modulus fOx, then the definition of Px 1(fOx) 
shows that 


(8.1) Pxji(fOx) C Px,z(f) C Ix(f) = Ix(fOx), 


and thus Pxz(f) is a congruence subgroup for fOx. This proves that C(Q) is a 
generalized ideal class group of K for the modulus fOx. In §7, the group Px,z(f) 
seemed awkward, but it’s a very natural object from the point of view of class field 
theory. 

The basic idea of class field theory is that the generalized ideal class groups are 
the Galois groups of all Abelian extensions of K, and the link between these two is 
provided by the Artin map. To make this precise, we need to define the Artin map of 
an Abelian extension of K. 

Let m be a modulus divisible by all ramified primes of an Abelian extension K C 
L. Given a prime p not dividing m, we have the Artin symbol 


L/K 
(=) € Gal(L/K) 
p 
from §5. As in the discussion preceding Theorem 5.23, the Artin symbol extends by 
multiplicativity to give us a homomorphism 


Bm :Ix(m) —> Gal(L/K) 


which is called the Artin map for K C L and m. When we want to refer explicitly to 
the extension involved, we will write ®; xm instead of ®n. 

The first theorem of class field theory tells us that Gal(L/K) is a generalized ideal 
class group for some modulus: 


Theorem 8.2. Let K CL be an Abelian extension, and let m be a modulus divisible 
by all primes of K, finite or infinite, that ramify in L. Then: 
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(i) The Artin map ©» is surjective. 


(ii) If the exponents of the finite primes m are sufficiently large, then ker(®.,) is a 
congruence subgroup for m, i.e., 


Px i(m) C ker(®m) C Ix(m), 
and consequently the isomorphism 
Ix(m) /ker(®,,) —+ Gal(L/K) 
shows that Gal(L/K) is a generalized ideal class group for the modulus m. 
Proof. See Janusz (62, Chapter V, Theorem 5.7]. Q.E.D. 


This theorem is sometimes called the Artin Reciprocity Theorem. The key ingre- 
dient is the condition Px ;(m) C ker(®,,), for it says (roughly) that the Artin symbol 
((L/K)/p) depends only on p up to multiplication by a, a = 1 mod m. Later in this 
section we will see how Artin reciprocity relates to quadratic, cubic and biquadratic 
reciprocity. 

Let’s work out an example of Theorem 8.2. Consider the extension Q C Q(¢,,), 
where ¢,, = e2”/" is a primitive mth of unity, and let m be the modulus moo, where 
oo is the real infinite prime of Q. Using Proposition 5.11, one sees that any prime 
not dividing m is unramified in Q(¢,,) (see Exercise 8.2), and it follows that the Artin 
map 

®m : Ig(m) — Gal(Q(¢,,)/Q) = (Z/mZ)* 


is defined. ®,, can be described as follows: given (a/b)Z € Ig(m), where a/b > 0 
and gcd(a,m) = gcd(b,m) = 1, then 


(8.3) On (52) = [al[b]"! € (Z/mZ)*. 


It follows easily that 
(8.4) ker(®m) = Pg,1(m) 


(see Exercise 8.2). The importance of this computation will soon become clear. 

One difficulty with Theorem 8.2 is that the m for which ker(®,) is a congruence 
subgroup is not unique. In fact, if Px,1(m) C ker(®,) and nis any modulus divisible 
by m (it’s clear what this means), then 


Px i(m) & ker(®y) => Px s(n) C ker(®,) 


(see Exercise 8.4), so that Gal(L/K) is a generalized ideal class group for infinitely 
many moduli. However, there is one modulus which is better than the others: 


Theorem 8.5. Let K C L be an Abelian extension. Then there is a modulus f = 
f(L/K) such that 
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(i) A prime of K, finite or infinite, ramifies in L if and only if it divides f. 


(ii) Let m be a modulus divisible by all primes of K which ramify in L. Then 
ker(®,,) is a congruence subgroup for m if and only if § | m. 


Proof. See Janusz {62, Chapter V, §6 and Theorem 12.7]. Q.E.D. 


The modulus f(L/K) is uniquely determined by K C L and is called the conduc- 
tor of the extension, and for this reason Theorem 8.5 is often called the Conductor 
Theorem. In Exercise 8.5 we will compute the conductor of Q C Q(¢,,) (it need not 
be m), and in §9 we will compute the conductor of a ring class field. 

The final theorem of class field theory is the Existence Theorem, which asserts that 
every generalized ideal class group is the Galois group of some Abelian extension 
K CL. More precisely: 


Theorem 8.6. Let m be a modulus of K, and let H be a congruence subgroup for m, 
ie., 
Px (m) CHC Tx(m). 


Then there is a unique Abelian extension L of K, all of whose ramified primes, finite 
or infinite, divide m, such that if 


®, : [g(m) — Gal(L/K) 
is the Artin map of K C L, then 
H =ker(®,). 
Proof. See Janusz {62, Chapter V, Theorem 9.16]. Q.E.D. 


The importance of this theorem is that it allows us to construct Abelian extensions 
of K with specified Galois group and restricted ramification. This will be very useful 
in the applications that follow. 

Now that we’ve stated the basic theorems of class field theory, the next step is to 
indicate how they are used. We will start with two of the nicest applications: proofs 
of the Kronecker~Weber Theorem and the existence of the Hilbert class field. A key 
tool in both proofs is the following corollary of the uniqueness part of Theorem 8.6: 


Corollary 8.7. Let L and M be Abelian extensions of K. Then L C M if and only if 
there is a modulus m, divisible by all primes of K ramified in either L or M, such that 


Pg(m) C ker(®yx,m) C ker(®z/x,m)- 


Proof. First, assume that L C M, and let r: Gal(M/K) — Gal(L/K) be the restriction 
map. By Theorem 8.2 and Exercise 8.4, there is a modulus m for which ker(®z/x 1m) 
and ker(®y/xm) are both congruence subgroups for m. The proof of Exercise 5.16 
shows that ro ®y/x,m = ®z/K,m, and then ker(®yj/x m) C ker(®z/x,m) follows im- 
mediately. 
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Going the other way, assume that Px,1(m) C ker(®yx,m) C ker(®z/x,m)- Then, 
under the map ®y/x,m: Ix(m) —> Gal(M/K), the subgroup ker(®,/x m) C Ixn(m) 
maps to a subgroup H C Gal(M/K). By Galois theory, H corresponds to an inter- 
mediate field K C LC M. The first part of the proof, applied to L c M, shows that 
ker(®; x im) = ker(®z/x,m)- Then the uniqueness part of Theorem 8.6 shows that 


L=LCM, and we are done. Q.E.D. 


We can now prove the Kronecker-Weber Theorem, which classifies all Abelian 
extensions of Q: 


Theorem 8.8. Let L be an Abelian extension of Q. Then there is a positive integer 
m such that LC QC)» C= e2ti/m 


Proof. By the Artin Reciprocity Theorem (Theorem 8.2), there is a modulus m such 
that Pg,\(m) C ker(®; qm), and by Exercise 8.4, we may assume that m = moo. By 
(8.4) we know that Pg,;(m) = ker(®Qv¢,)/Q,m), So that 


Po, (m) = ker(®q¢¢_,)/Q,m) Cc ker(®, xm): 
Then Lc Q(¢,,) follows from Corollary 8.7. Q.E.D. 


We should mention that the Kronecker-Weber Theorem can be proved without 
using class field theory (see Marcus [77, Chapter 4, Exercises 29-36]). 

Next, let’s discuss the Hilbert class field. To define it, apply the Existence The- 
orem (Theorem 8.6) to the modulus m = | and the subgroup Px C J, (note that 
Px = Px,,(m) in this case). Thus there is a unique Abelian extension L of K, unram- 
ified since m = 1, such that the Artin map induces an isomorphism 


(8.9) C(Ox) = Ix/Px —+ Gal(L/K). 
Lis the Hilbert class field of K, and its main property is the following: 


Theorem 8.10. The Hilbert class field L is the maximal unramified Abelian extension 
of K. 


Proof. We already know that L is an unramified extension. Let M be another unram- 
ified extension. The first part of the Conductor Theorem (Theorem 8.5) implies that 
f(M/K) = 1 since a prime ramifies if and only if it divides the conductor, and then 
the second part tells us that ker(®y/,;) is a congruence subgroup for the modulus 
1, so that 

PRC ker(®y/x,1)- 


By the definition of the Hilbert class field, this becomes 
Px = ker(®z x1) C ker(®yx,1); 
and then M C L follows from Corollary 8.7. Q.E.D. 


Notice that Theorems 5.18 and 5.23 from §5 are immediate consequences of (8.9) 
and Theorem 8.10. 
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There is a generalization of the Hilbert class field called the ray class field. Given 
any modulus m, the Existence Theorem shows that there is a unique Abelian exten- 
sion Km of K such that 

Px,1(m) = ker(®x,, /x,m)- 


Ky is called the ray class field for the modulus m, and when m = 1, this reduces 
to the Hilbert class field. Another example is given by the cyclotomic field Q(¢,,): 
here, (8.4) shows that Q(¢,,) is the ray class field of Q for the modulus moo. We also 
get a nice interpretation of the conductor f(L/K) of an arbitrary Abelian extension L 
of K: it’s the smallest modulus m for which L is contained in the ray class field Km 
(see Exercise 8.6). 

Besides proving these classical results, class field theory is also the source of most 
reciprocity theorems. In particular, we will discuss some reciprocity theorems for the 
nth power Legendre symbol (a/p), mentioned in §5. To define this symbol, let K be 
a number field containing a primitive nth root of unity ¢, and let p be a prime ideal 
of Ox. Then, for a € Ox prime to p, we have Fermat’s Little Theorem 


aN(P)-! = | mod p. 


Suppose that in addition p is prime to n. It can be shown that n | N(p) — 1 (see 
Exercise 5.13), and it follows that x = a(P)-!)/" is a solution of the congruence 
x" = | mod p. Consequently 


aN(@)-D/" = 1,¢,...,0°-! mod p. 


Since the nth roots of unity are distinct modulo p (see Exercise 5.13), a )~1)/" jg 
congruent modulo p to a unique nth root of unity. This root of unity is defined to be 
the nth power Legendre symbol (a:/p)n, so that (a/p), satisfies the congruence 


aN (P)—1)/n — (2) mod p. 


This symbol is a natural generalization of the Legendre symbols (a/7)3 and (a/7)4 
from cubic and biquadratic reciprocity. 

The nth power Legendre symbol can be defined for more general ideals as follows: 
given an ideal a of Ox which is prime to n and a, we set (a/a), to be the product 


(2), “HG, 


where a = p; -:-p, is the prime factorization of a. Thus, if m is a modulus of K such 
that every prime containing na divides m, then the nth power Legendre symbol gives 
a homomorphism 


(2) :I(m) —> fins 


where yu, C C* is the group of nth roots of unity. 
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We will prove two reciprocity theorems for the nth power Legendre symbol, but 
first we need to recall a fact from Galois theory. If K has a primitive nth root of 
unity, then for a € K, the extension K C L = K(/a) is Galois, and if o € Gal(L/K), 
then o(¥/a) = ¢x/a for some nth root of unity ¢. This gives us a map 0 +> ¢, which 
defines an injective homomorphism 


Gal(L/K) © pn. 
We can now state our first reciprocity theorem for (a/a)y: 
Theorem 8.11 (Weak Reciprocity). Let K be a number field containing a primitive 
nth root of unity, and let L = K(¥/a), where a € Ox is nonzero. Assume that m is 


a modulus divisible by all primes of K containing na, and assume in addition that 
ker(®z xm) is a congruence subgroup for m. Then there is a commutative diagram 


IG) Gall) 


aN, | 


Bn, 


where Gal(L/K) © fin, is the natural injection. Thus, if G is the image of Gal(L/K) 
in [n, then the nth power Legendre symbol (a/a), induces a surjective homomor- 
phism 


e) :Tk(m)/Px,i(m) —> GC pln. 


Proof. To prove that the diagram commutes, it suffices to show 
L/K a 
(=e ) (Wa) = 6) a. 
p P/n 
This is an easy consequence of the definition of the Artin symbol (from Lemma 5.19). 
The case n = 3 was proved in (5.22), and for general n, see Exercise 5.14. 
Turning to the final statement of the theorem, recall that ker(®, xm) is a congru- 


ence subgroup for m. Thus Px,(m) C ker(®;/x,m) C Jx(m), so that the Artin map 
®1/xk,m induces a surjective homomorphism 


Ix(m)/Px1(m) —> Ix(m)/ker(®z/x,m) —+ Gal(L/K). 
Using the above commutative diagram, the theorem follows immediately. Q.E.D. 


This result is called “Weak Reciprocity” because rather than giving formulas for 
computing (a/a),, the theorem simply asserts that the symbol is a homomorphism 
on an appropriate group. Nevertheless, Weak Reciprocity is a powerful result. For 
example, let’s use it to prove quadratic reciprocity: 


Theorem 8.12. Let p and q be distinct odd primes. Then 


(6) (2)-ernen 
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Proof. Recall from §1 that quadratic reciprocity can be written in the form 


where p* = (—1)?—")/2p, 

The first step is to study Q C Q(\/p*). By (8.3) and (8.4), Gal(Q(¢,)/Q) is a 
generalized ideal class group for the modulus poo, which implies that the same is 
true for any subfield of Q(¢,) (see Exercise 8.7). Since Gal(Q(¢,)/Q) is cyclic of 
order p — 1, there is a unique subfield Q C K C Q(¢,) which is quadratic over Q. 
Then Gal(K/Q) is a generalized ideal class group for poo, which implies that p is 
the only finite prime of Q that ramifies in K. If we write K = Q(,/m), m squarefree, 
then Corollary 5.17 implies that m = p*, and hence K = Q(,/p*) (see Exercise 8.7). 

It follows that ker(®Qy 5) /Q,po0) is a congruence subgroup for poo, and thus by 
Weak Reciprocity, the Legendre symbol (p*/-) gives a surjective homomorphism 


(8.13) Ig (poo) /Pg,1(poo) — {+1}. 


However, the map sending [a] € (Z/pZ)* to [aZ] € Ig(poo)/Pg,1(poo) induces an 
isomorphism (Z/pZ)* + Ig(poo)/Pg,1(poo) (see Exercise 8.7). Composing this 
map with (8.13) shows that (p*/-) induces a surjective homomorphism from (Z/pZ)* 
to {+1}. But the Legendre symbol (-/p) is also a surjective homomorphism between 
the same two groups, and since (Z/pZ)* is cyclic, there is only one such homomor- 


q P 


and we are done. Q.E.D. 


The proof just given is closely related to the discussion of quadratic reciprocity 
from §1. Recall that a key result implicit in Euler’s work was Lemma 1.14, which 
showed that (D/-) gives a well-defined homomorphism defined on (Z/DZ)* when 
D =0,1 mod 4. The above argument uses Weak Reciprocity to prove this when 
D = p*. In this way Weak Reciprocity (or more generally, Artin reciprocity) may be 
regarded as a far-reaching generalization of Lemma 1.14. 

Before we can state our second reciprocity theorem for the nth power Legendre 
symbol, we need some notation: if a and 6 are in Ox, then (a/8Ox), is written 
simply (a/8),, when defined. Then we have the following reciprocity theorem for 


(a/B)n: 


Theorem 8.14 (Strong Reciprocity). Let K be a number field containing a primitive 
nth root of unity, and suppose that a, 8B € Ox are relatively prime to each other and 


ton. Then sh 
(5), (5), - 1"), 


p|nco 


where (a,8/)n is the nth power Hilbert symbol (to be discussed below) and ov is 
the product of the real infinite primes of K (which can occur only when n = 2). 
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Proof. While Weak Reciprocity was an immediate consequence of Artin reciprocity, 
Strong Reciprocity is a different matter, for here one must first study the nth power 


n 


This symbol is an nth root of unity defined using the local class field theory of the 
completion K, of K at the prime p. Since we haven’t discussed local methods, we 
can’t even give a precise definition. A full discussion of the Hilbert symbol is given 
in Hasse [49, Part II, §§11-12, pp. 53-64] and Neukirch [80, §§III.5 and IV.9, pp. 
50-55 and 110-112], and both references present a complete proof of the Strong 
Reciprocity theorem. In Exercise 8.9 we will list the main properties of the Hilbert 
symbol. Q.E.D. 


To get a better idea of how Strong Reciprocity works, let’s apply it to cubic reci- 
procity. Here, n = 3 and K = Q(w), w = e?”/3, and the only prime of Ox dividing 
3 is \= 1 —w. Thus, given nonassociate primes 7 and 6 in Ox, Strong Reciprocity 


tells us that 
T 0 meet 1,0 
9),\m/)3 aA 7 


Hence, to prove cubic reciprocity, it suffices to show that 


(8.15) 7, 6 primary => (3°) =1. 
3 

The proof of cubic reciprocity is thus reduced to a purely local computation in the 
completion K) of K at A. Given the properties of the Hilbert symbol, (8.15) is not 
difficult to prove (see Exercise 8.9). Biquadratic reciprocity can be proved similarly, 
though the proof is a bit more complicated (see Hasse [49, Part II, $20, pp. 105- 
106]). This shows that class field theory encompasses all of the reciprocity theorems 
we’ve seen so far. 


B. The Cebotarev Density Theorem 


The Cebotarev Density Theorem will provide some very useful information about 
the Artin map. But first, we need to define the notion of Dirichlet density. 

Let K be a number field, and let Px be the set of all finite primes of K. Given a 
subset S C Px, the Dirichlet density of S is defined to be 


_ dupes N(p) 
NO) ose a 


provided the limit exists. The basic properties of the Dirichlet density are: 
(i) 6(Px) =1. 
(ii) If S C T and 6(S) and 6(T) exist, then 6(S) < (7). 
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(iii) If 6(S) exists, then 0 < 6(S) < 1. 
(iv) If S and T are disjoint and 6(S) and 6(T) exist, then 6(SUT) = 6(S)+4(T). 
(v) If S is finite, then 6(S) = 


(vi) If 5(S) exists and 7 differs from S by finitely many elements, then 6(7) = 
6(S). 


To prove these properties, one first must study the Dirichlet ¢-function ¢,(s) of K. 
This function is defined by 


G(s) = $2 Ma) = T] G-N 


aCOkx pePx 


One can prove without difficulty that ¢,(s) converges absolutely for Re(s) > 1 (see 
Janusz [62, §IV.4] or Neukirch [80, §V.6]). This implies that for any S C Px, the 
sum >’ ,csN(p) * converges absolutely for Re(s) > 1 (see Exercise 8.10). A much 
deeper property of ¢;(s) is that it has a simple pole at s = 1, which enables one to 
prove 

Psa Jog(Cx(s)) a= hae Leper, N(P) 


sit —log(s—1) sit —log(s—1) 


(see Janusz {62, §IV.4] or Neukirch [80, §V.6]). This proves (i), and i it is now straight- 
forward to prove (ii)-(vi) (see Exercise 8.10). 

There is one more property of the Dirichlet density which is sometimes useful. 
Let Px,1 = {p € Px : N(p) is prime}. Px,1 is sometimes called the degree 1 primes 
in K (recall that in general, N(p) = p’, where f is the inertial degree of p € p in the 
extension Q C K). Then one can prove that 


(8.16) 6(S) = 6(SNPx,1) 


whenever 6(S) exists (see Janusz [62, §IV.4} or Neukirch [80, §V.6]). 

Now let L be a Galois extension of K, possibly non-Abelian. If p is a prime of K 
unramified in L, then different primes ‘8 of L containing p may give us different Artin 
symbols ((L/K)/%8). But all of the ((L/K)/%8) are conjugate by Corollary 5.21, 
and in fact they form a complete conjugacy class in Gal(L/K) (see Exercise 5.12). 
Thus we can define the Artin symbol ((L/K)/p) of p to be this conjugacy class in 
Gal(L/K). We can now state the Cebotarev Density Theorem: 


Theorem 8.17. Let L be a Galois extension of K, and let (co) be the conjugacy class 
of an element o € Gal(L/K). Then the set 


S = {p € Px : p is unramified in L and ((L/K)/p) = (c)} 


has Dirichlet density 
5(S) = K(o)| (a) 


|Gal(L/K)|  [L: K]’ 
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Proof. See Janusz [62, Chapter V, Theorem 10.4] or Neukirch [80, Chapter V, The- 
orem 6.4]. Q.E.D. 


Notice that the set S of the theorem must be infinite since it has positive density 
(this follows from property (v) above). In particular, we get the following corollary 
for Abelian extensions: 


Corollary 8.18. Let L be an Abelian extension of K, and let m be a modulus divisible 
by all primes that ramify in L. Then, given any element o € Gal(L/K), the set of 
primes not dividing m such that ((L/K)/p) = 0 has density 1/|L: K] and hence is 
infinite. 


Proof. When Gal(L/K) is Abelian, the conjugacy class (a) reducesto {a}. Q.E.D. 


This corollary shows that the Artin map $/x,m :/«(m) — Gal(L/K) is surjective 
in a very strong sense. 

An especially nice case is when K = Q and L = Q(¢,,), for here Corollary 8.18 
gives a quick proof of Dirichlet’s theorem on primes in arithmetic progressions (the 
details are left to the reader—see Exercise 8.11). In §9 we will apply these same 
ideas to study the primes represented by a fixed quadratic form ax” + bxy + cy*. 

Another application of Cebotarev Density concerns primes that split completely 
in a Galois extension K C L. Namely, if we apply Theorem 8.17 to the conjugacy 
class of the identity element, we see that the primes in K for which ((L/K)/p) = 1 
have density 1/[L : K]. However, from Corollary 5.21, we know that 


L/K : 
(=) =1 <=> p splits completely in L. 
Thus the primes that split completely in L have density 1/[L : K], and in particular 
there are infinitely many of them. The unexpected fact is that these primes charac- 
terize the extension K C L uniquely. Before we can prove this, we need to introduce 
some terminology. 

Given two sets S and 7, we say that S C J if SC J UE for some finite set &, 
and S = 7 means that S C JT and TJ CS. Also, given a finite extension K C L, we 
set 

Six = {p © Px : p splits completely in L}. 


We can now state our result: 

Theorem 8.19. Let L and M be Galois extensions of K. Then 
(i) LOM => Sujx C Sik. 
(ii) L=M <=> Syjx = Sik. 


Proof. Notice that (ii) is an immediate consequence of (1). As for (i), we will prove 
the following more general result which applies when only one of L or M is Galois 
over K. This will be useful in §§9 and 11. 
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Proposition 8.20. Let L and M be finite extensions of K. 
(i) If M is Galois over K, thenL CM <=> Sy/x CSz;x. 


(ii) If Lis Galois over K, thnLCM <=> Sy /K CSrx, where Sy /K is the set 


Su/K = {p € Px : p unramified in M and fz), = 1 for some prime B of M}. 


Remark. If M is Galois over K, then Su /K teduces to Sy/x (see Exercise 8.12), and 
thus either part of Proposition 8.20 implies Theorem 8.19. 


Proof. We start with the proof of (ii). When L C M, it is easy to see that Sy /K CS, /K 
(see Exercise 8.12). Conversely, assume that Se [KC Sz/x, and let N be a Galois 
extension of K containing both L and M. By Galois theory, it suffices to show that 
Gal(N/M) C Gal(N/L). Thus, given 0 € Gal(N/M), we need to prove that o|, is 
the identity. 

By the Cebotarev Density Theorem, there is a prime p in K, unramified in N, 
such that ((N/K)/p) is the conjugacy class of o. Thus there is some prime 8 of N 
containing p such that ((N/K)/38) = 0. We claim that p € Sy/x. To see why, let 
3B’ = BO Oy. Then, for a € Oy, we have 


a=o(a) =a) mod 9. 


The first congruence follows from o|,, = 1, and the second follows by the definition 
of the Artin symbol (see Lemma 5.19). Thus Oy /%B’ ~ Ox/p, so that fap) = 1. 
This shows that p € Sy /K as claimed. 

The Density Theorem implies that there are infinitely many such p’s. Thus our 
hypothesis Su/k C S1/x allows us to assume that p € S,/x, i.e., ((L/K)/p) = 1. But 
Exercise 5.9 tells us that ((L/K)/p) = ((N/K)/B)|,. Since o = ((N/K)/%B), we see 
that o|, = 1 as desired. 

To prove (i), first note L C M easily implies Sy/x CS, /K (see Exercise 8.12). To 
prove the other direction, let L’ be the Galois closure of L over K. It is a standard fact 
that a prime of K splits completely in L if and only if it splits completely in L’ (see 
Exercises 8.13-8.15 or Marcus [77, Corollary to Theorem 31]). This implies that 
Si/K = Sy /x. Since M is Galois over K, we’ve already observed that Sy /K = SM/K- 
Thus our hypothesis Sy/x CS,/x can be written Su/k C Sy /x, so that by part (ii) 
we obtain L’ c M, which obviously implies L C M. This completes the proofs of 
Proposition 8.20 and Theorem 8.19. Q.E.D. 


Theorem 8.19 is closely related to Corollary 8.7. The reason is that if K C L 
is Abelian, then the set S,/x of primes that split completely is, up to a finite set, 
exactly the prime ideals in ker(®z/x,m), where m is any modulus divisible by all 
of the ramified primes. Thus we don’t need the whole kernel of the Artin map to 
determine the extension—just the primes in it will suffice! In particular, this shows 
that Theorem 8.19 is relevant to our question of which primes p are of the form 
x? + ny”. To see why, consider the situation of Theorem 5.1. Here, K is an imaginary 
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quadratic field of discriminant dx = —4n (which means that n satisfies (5.2)). Then, 
by Theorem 5.26, 


p=x+ny? <> p splits completely in the Hilbert class field of K 


whenever p is an odd prime not dividing n. Thus Theorem 8.19 shows that the primes 
represented by x? + ny” characterize the Hilbert class field of Q(,/—n) uniquely. In 
§9 we will give a version of this result that holds for arbitrary n. 


C. Norms and Ideles 


Our discussion of class field theory has omitted several important topics. To give 
the reader a sense of what’s been left out, we will say a few words about norms and 
ideles. 

Given a finite extension K C L, there is the norm map N, /x : L* — K*, and Nz/x 
can be extended to a map of ideals 


Ni/K we => Ix 


(see Janusz [62, §1.8]). The importance of the norm map is that it gives a precise 
description of the kernel of the Artin map. Specifically, let L be an Abelian extension 
of K, and let m be a modulus for which Px,;(m) C ker(®z,/x,m). Then an important 
part of the Artin Reciprocity Theorem states that 


(8.21) ker(®z/x,m) = Nix (dn(m))Px,1(m) 


(see Janusz [62, Chapter V, Theorem 5.7]). Norms play an essential role in the proofs 
of the theorems of class field theory. 

Class field theory can be presented without reference to ideles (as we have done 
above), but the idelic approach has some distinct advantages. Before we can see why, 
we need some definitions. Given a number field K, the idele group Ix is the restricted 


product 
Ik =| [°Ky, 
p 


where p runs over all primes of K, finite and infinite, and Ky is the completion of K at 
p. The symbol ae means that Ix consists of all tuples (x, ) such that xp € Og, for all 
but finitely many p. Ix is a locally compact topological group, and the multiplicative 
group K* imbeds naturally in Ix as a discrete subgroup (see Neukirch [80, §IV.2] for 
all of this). The quotient group 


Ce =k /K" 


is called the idele class group. 
We can now restate the theorems of class field theory using ideles. Given an 
Abelian extension L of K, there is an Artin map 


(8.22) ®1/x : Cx —+ Gal(L/K) 
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which is continuous and surjective. This is the idele-theoretic analog of the Artin 
Reciprocity Theorem. Note that ker(,/x) is a closed subgroup of finite index in 
Cx. There is also an idelic version of the Existence Theorem, which asserts that 
there is a 1-1 correspondence between the Abelian extensions of K and the closed 
subgroups of finite index in Cx. The nice feature of this approach is that it always 
uses the same group Cx, unlike our situation, where we had to vary the modulus m 
in Jx(m) as we moved from one Abelian extension to the next. 

Norms also play an important role in the idelic theory. Given an Abelian extension 
L of K, there is a norm map 

Nix «Cy — Cx, 


and then the idelic analog of (8.21) asserts that the kernel of the Artin map ®;/x : 
Cx —> Gal(L/K) is exactly N,/x(Cz). Thus the subgroups of Cx of finite index are 
precisely the norm groups N; /x (Cy). 

Standard references for the idele theoretic formulation of class field theory are 
Neukirch [80] and Weil [104]. Neukirch also explains carefully the relation between 
the two approaches to class field theory. We will say more about ideles in §15. 


D. Exercises 


8.1. Let K be an imaginary quadratic field, and let m be a modulus for K (which 
can be regarded as an ideal of Ox). We want to show that Px 1(m) has finite 
index in Ix(m). 


(a) Show that the map a+ aOx induces a well-defined homomorphism 
p : (Ox/m)* —_ Ix(m) Px /'Px,1 (m), 


and then show that there is an exact sequence 
OR — (Ox/m)* ay Ix (m) NP /Px,i(m) — 1. 
Conclude that Jx(m) M Pr /Px,i(m) is finite. Hint: see the proof of Theo- 
rem 7.24. 
(b) Adapt the exact sequence (7.25) to show that Ix(m)/Px,;(m) is finite 
(recall that C(Ox) is finite by §2 and Theorem 7.7). 


8.2. This problem is concerned with the Artin map of the cyclotomic extension 
Qc Q(¢,,), where ¢, = e?7!/". We will assume that m > 2. 


(a) Use Proposition 5.11 to prove that all finite ramified primes of this ex- 
tension divide m. Thus the Artin map ®,,99 is defined. 


(b) Show that ®,,.. : Ig(moo) — Gal(Q(¢,,)/Q) ~ (Z/mZ)* is as described 
in (8.3). Hint: use Lemma 5.19. 


(c) Conclude that ker(®moo) = Pg,1 (moo). 
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8.3. Let Q c Q(¢,,) be as in the previous problem, and assume that m > 2. 


(a) Show that RNQ(¢,,) = Q(cos(27/m)), and then use this to conclude that 
[Q(cos(2/m)) : Q] = (1/2)e(m). 
(b) Compute the Artin map 


®,, : Ig(m) —+ Gal(Q(cos(2m/m))/Q) ~ (Z/mZ)* /{+1}. 


Hint: use the previous exercise. 
(c) Show that ker(®,,) = Po,1(m). 


8.4. Let K C Lbe an Abelian extension, and let m be a modulus for which the Artin 
map ®,, is defined. If n is another modulus and m | n, prove that 


Px i(m) C ker(®m) ==> Pr.i(n) C ker(®,). 


8.5. Prove that the conductor of the cyclotomic extension Q C Q(¢,,) is given by 


1 m<2 
f(Q(C,,)/Q) = ¢ (m/2)oo m= 2n, n> 1 odd 
moo otherwise. 


Hint: when m > 2, use Theorem 8.5 and Exercise 8.2 to show that the con- 
ductor is of the form noo for some n dividing m. Then use Corollary 8.7 
to show that Q(¢,,) C Q(¢,), which implies that ¢(m) | ¢(n). The formula 
for f(Q(¢,,)/Q) now follows from elementary arguments about the Euler ¢- 
function. 


8.6. This exercise is concerned with conductors. 


(a) Given a modulus m for a number field K, let K, denote the ray class 
field defined in the text. If Z is an Abelian extension of K, then show that 
the conductor f(L/K) is the greatest common divisor of all moduli m for 
which LC Km. 


(b) If Lis an Abelian extension of Q, let m be the smallest positive integer for 


which L C Q(¢,,) (note that m exists by the Kronecker—Weber Theorem). 
Then show that 


j(u/a) = {™ ifLCR 


moo otherwise. 


8.7. In this exercise we will fill in some of the details omitted in the proof of 
quadratic reciprocity given in Theorem 8.12. Let p be an odd prime. 


(a) If K C L is an Abelian extension such that Gal(L/K) is a generalized 
ideal class group for the modulus m of K, then prove that the same is true 
for any intermediate field K CM CL. 
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(b) If K is a quadratic field which ramifies only at p, then use Corollary 5.17 
to show that K = Q(,/p*), p* = (-1)@-)/2p. 

(c) Show that the map that sends an integer a relatively prime to p to the 
ideal aZ induces an isomorphism (Z/pZ)* — Ig(poo)/Pg,1(poo). 


8.8. This exercise will adapt the proof of Theorem 8.12 to prove the supplementary 
formula (2/p) = (—1) (P°-1)/8 from quadratic reciprocity. 


(a) Let H = {+1}P ,1(800). Show that via the Existence Theorem, H cor- 
responds to Q(/2). Hint: using the arguments of Theorem 8.12 and part 
(b) of Exercise 8.7, show that H corresponds to one of Q(i),Q(V2) or 
Q(/—2). Then use —1 € H to show that the corresponding field must 
be real. 


~ 


(b) Construct an isomorphism (Z/8Z)* — Ig(800)/Pg,1(800), and then use 
Weak Reciprocity to show that (2/-) induces a well-defined homomor- 
phism on (Z/8Z)* whose kernel is {+1}. 


(c) Show that (2/p) = (-1)@-D/8, 

8.9. In this exercise we will use Strong Reciprocity and the properties of the Hilbert 
symbol to prove cubic reciprocity. We will assume that the reader is familiar 
with p-adic fields. To list the properties of the Hilbert symbol, let K be a 
number field containing a primitive nth of unity, and let p be a prime of K. The 


completion of K at p will be denoted K,. Then the Hilbert symbol (a, 8/p)n 
is defined for a, 8 € Ky and gives a map 


(=) : Ky x Ky — bn, 


where pz, is the group of nth roots of unity. The Hilbert symbol has the follow- 
ing properties: 
(i) (aa’,B/P)n = (2, 8/P)n(a", B/P)n- 
Gi) (a, B8"/P)n = (a, B/P)n(, B'/P)n- 
ii) (a,8/p)n = (8,/p)q". 
(iv) (a,-—a:/p), = 1. 
(v) (a,l-—a/p), =1. 


For proofs of these properties of the Hilbert symbol, see Neukirch [80, §III.5). 


Now let’s specialize to the case n = 3 and K = Q(w), w = e?"/3. As we 
saw in (8.15), Strong Reciprocity shows that cubic reciprocity is equivalent to 
the assertion 

T,@ 


m,@ primary in Ox => (5*) =1 
3 
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where \ = 1 —w. Recall that 7 primary means that 7 = +1 mod 30x. In §4 we 
saw that replacing 7 by —7 doesn’t affect the statement of cubic reciprocity, 
so that we can assume that 7 = 6 = 1 mod A*Ox (note that \* and 3 differ by 
a unit in Ox). Let Ky be the completion of K at A, and let O) be the valuation 
ring of K,. We will use the properties of the cubic Hilbert symbol to show that 


a, 8 


a, 3 = 1mod 70) => (=) = Il, 
3 


and then cubic reciprocity will be proved. 


(a) If a = 1 mod \4Oj, then prove that a = u> for some u € Oy. Hint: if 
a= uw mod XQ) for n > 4, then show that a € OQ) can be chosen so 
that a = (u, +a\"~7)3 mod \"*!O). 


(b) If a € OX and a=’ mod A*O), then prove that 


aB\ _ (0,8 
A), LA; 
for any 8 € Ky. Hint: use (a) and property (i) above. Remember that 
(a, 8/)3 is a cube root of unity. 


(c) Now assume that a = 6 = 1 mod 20, and write a = 1+ad,a€ 
O . Then first, apply property (v) to 1 + a@8.?, and second, apply (b) to 
1+a6d? = 1 +a* mod 40). This proves that 


(SS) 
1 = | —————__ } 
» 3 


From here, properties (ii) and (v) easily imply that (a, 8/)3 = 1, which 
completes the proof of cubic reciprocity. 


8.10. In this exercise we will study the properties of the Dirichlet density. 


(a) Assuming that ¢;(s) = Naco,N(a)~* converges absolutely for all s with 
Re(s) > 1, show that for S C Px, the sum UpcesN(p)~* also converges 
absolutely for Re(s) > 1. 


(b) Use (a) to prove that properties (11)—(iv) of the Dirichlet density follow 
from (i) and the definition. 


8.11. Apply the Cebotarev Density Theorem to the cyclotomic extension Q C Q(¢,,) 
to show that the primes in a fixed congruence class in (Z/mZ)* have Dirich- 
let density 1/¢(m). This proves Dirichlet’s theorem that there are infinitely 
many primes in an arithmetic progression where the first term and common 
difference are relatively prime. 


8.12. Let M be a finite extension of a number field K, and let Sy /x be the set of 
primes of Ox defined in Proposition 8.20. 


8.13. 


8.14. 


8.15. 


8.16. 
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(a) If M is Galois over K, then show that Sy /K equals the set Sy /x of Theo- 
rem 8.19. 


(b) If L is a Galois extension of K and L C M, then show that Sy /K CS, /K: 
(c) If L C M are finite extensions of K, then show that Sy x C Sz/x. 


Let K C Nbe a Galois extension, and let $ be a prime of Oy. Set p= PBNOx, 
e = egy, and f = fap. If Dy C Gal(N/K) is the decomposition group of 
$8, we will denote the fixed field of Dy; by Ny. From Proposition 5.10, we 
know that |Dy| = ef, and Galois theory tells us that [NV : Noy] = |Ds|. Let 
2B’ = PN Ong - 


(a) Prove that e93/)) = fap’|p = 1. Hint: by Proposition 5.10, the map Dy — 
G is surjective, where G is the Galois group of Ox/p C On/8. Use 
Ox/P C Ong /’ C On /%, and remember that the e’s and f’s are mul- 
tiplicative (see Exercise 5.15). 


(b) Given an intermediate field K C M CN, let By = BN Oy. Prove that 
pulp = fpulp =1_<> M C Ng. 


Hint: if M C Ng, then apply (a). Conversely, show that the compositum 
NeM is the fixed field for the decomposition group of 8 in Gal(N/M). 
By applying the result of (a) to M C NM and computing degrees, one 
sees that NM = M, which implies M C Ng. 


Let L and M be finite extensions of a number field K, and let p be a prime of K 
that splits completely in L and M. Then prove that p splits completely in LM. 
Hint: let N be a Galois extension of K containing both L and M, and let 38 be 
a prime of N containing p. From Exercise 8.13 we get the intermediate field 
K CNg CN. Then use part (b) of that exercise to show that L and M lie in 
Ng, which implies LM C Nag. 


Let L be a finite extension of a number field K, and let L’ be the Galois closure 
of L over K. The goal of this exercise is to prove that S,/x = Sy /x. By part (c) 
of Exercise 8.12, we have S;/x C Sz/x, so that it suffices to show that a prime 
of K that splits completely in L also splits completely in L’. 


(a) Let o: L— C be an embedding which is the identity on K, and let p 
be an ideal of K which splits completely in L. Then prove that p splits 
completely in o(L). 

(b) Since L’ is the compositum of the o(L)’s, use the previous exercise to 
show that p splits completely in L’. 


Let K C M be a finite extension of number fields. Then prove that K C Misa 
Galois extension if and only if Sy, = Sy/x. Hint: one implication is covered 
in part (a) of Exercise 8.12, and the other implication is an easy consequence 
of Proposition 8.20. 
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§9. RING CLASS FIELDS AND p = x? +ny? 


Theorem 5.1 used the Hilbert class field to characterize p = x* + ny” when n is a 
positive, squarefree and n 4 3 mod 4. In §4, we also proved that for an odd prime p, 


= 1 mod 3 and x? = 2 mod 
pax +21y) <= { an integer solution . 
= 1 mod 4 and x4 =2 mod p 

PEE > { io an integer solution. 
These earlier results follow the format of Theorem 5.1 (note that both exponents 
are class numbers), yet neither is a corollary of the theorem, for 27 and 64 are not 
squarefree. In §9 we will use the theory developed in §§7 and 8 to overcome this 
limitation. Specifically, given an order © in an imaginary quadratic field K, we will 
construct a generalization of the Hilbert class field called the ring class field of O. 
Then, using the ring class field of the order Z[\/—n], where n > 0 is now arbitrary, 
we will prove a version of Theorem 5.1 that holds for all n (see Theorem 9.2 below). 
This, of course, is the main theorem of the whole book. The basic idea is that the 
criterion for p = x” + ny? is determined by a primitive element of the ring class field 
of Z[\/—n]. To see how this works in practice, we will describe the ring class fields of 
Z|V/—27| and Z[./—64], and then Theorem 9.2 will give us class field theory proofs 
of Euler’s conjectures for p = x* + 27y’ or x* + 64y*. To complete the circle of 
ideas, we will then explain how class field theory implies those portions of cubic and 
biquadratic reciprocity used in §4 in our earlier discussion of x” + 27y* and x? + 64y’. 

The remainder of the section will explore two other aspects of ring class fields. 
We will first use the Cebotarev Density Theorem to prove that a primitive positive 
definite quadratic form represents infinitely many prime numbers. Then, in a differ- 
ent direction, we will give a purely field-theoretic characterization of ring class fields 
and their subfields. 


A. Solution of p = x?+ny? for All n 


Before introducing ring class fields, we need some notation. If K is a number field, 
an ideal m of Ox can be regarded as a modulus, and in §8 we defined the ideal groups 
Ix(m) and Px,:(m). In this section, m will usually be a principal ideal Ox, and the 
above groups will be written [x (a) and Px 1(a@). 

To define a ring class field, let O be an order of conductor f in an imaginary 
quadratic field K. We know from Proposition 7.22 that the ideal class group C(O) 
can be written 


(9.1) C(O) = Ik(f)/Px,z(f) 


(recall that Px z(f) is generated by the principal ideals ~Ox where a = a mod fOx 
for some integer a with gcd(a, f) = 1). Furthermore, in §8 we saw that 


Px,i(f) C Piaf) C Ik(f), 
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so that C(O) is a generalized ideal class group of K for the modulus fOx (see (8.1)). 
By the Existence Theorem (Theorem 8.6), this data determines a unique Abelian 
extension L of K, which is called the ring class field of the order O. The basic 
properties of the ring class field L are, first, all primes of K ramified in L must divide 
fOx, and second, the Artin map and (9.1) give us isomorphisms 


C(O) = Ik(f)/Px,z(f) ~ Gal(L/K). 


In particular the degree of L over K is the class number, i.e., [L : K] = h(O). For an 
example of a ring class field, note that the ring class field of the maximal order Ox is 
the Hilbert class field of K (see Exercise 9.1). Later in this section we will give other 
examples of ring class fields. 

We can now state the main theorem of the book: 


Theorem 9.2. Let n> 0 be an integer. Then there is a monic irreducible polynomial 
fn(x) € Z[x] of degree h(—4n) such that if an odd prime p divides neither n nor the 
discriminant of f(x), then 


7 2 (—n/p) =1 and f,(x) =0 mod p 

paxtny <= { has an integer solution. 
Furthermore, f,(x) may be taken to be the minimal polynomial of a real algebraic 
integer a for which L = K(a) is the ring class field of the order Z[,/—n] in the 
imaginary quadratic field K = Q(./—n). 

Finally, if f(x) is any monic integer polynomial of degree h(—4n) for which the 
above equivalence holds, then f,,(x) is irreducible over Z and is the minimal polyno- 
mial of a primitive element of the ring class field L described above. 


Remark. This theorem generalizes Theorem 5.1, and the last part of the theorem 
shows that knowing f,,(x) is equivalent to knowing the ring class field of Z[./—n]. 


Proof. Before proceeding with the proof, we will first prove the following general 
fact about ring class fields: 


Lemma 9.3. Let L be the ring class field of an order O in an imaginary quadratic 
field K. Then L is a Galois extension of Q, and its Galois group can be written as a 
semidirect product 

Gal(L/Q) ~ Gal(L/K) » (Z/2Z) 


where the nontrivial element of Z/2Z acts on Gal(L/K) by sending o to a~'. 


Proof. In the case of the Hilbert class field, this lemma was proved in §6 (see the 
discussion following (6.3)). To do the general case, we first need to show that 7(L) = 
L, where 7 denotes complex conjugation. Let m denote the modulus fOx, and note 
that 7(m) = m. Since ker(®;/x m) = Px,z(f), an easy computation shows that 


ker(®,(1)/x,m) = T(ker(®z/x,m)) = T(Px,z(f)) = Px,2(f) 


(see Exercise 9.2), and thus ker(®,(z) xm) = ker(®z/x,m). Then 7(L) = L follows 
from Corollary 8.7. 
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As we noticed in the proof of Lemma 5.28, this implies that L is Galois over Q, 
so that we have an exact sequence 


1 —+ Gal(L/K) —> Gal(L/Q) — Gal(K/Q)(~ Z/2Z) —+ 1. 


Since 7 € Gal(L/Q), Gal(L/Q) is the semidirect product Gal(L/K) x (Z/2Z), where 
the nontrivial element of Z/2Z acts by conjugation by 7. However, for a prime p of 
K, Lemma 5.19 implies that 


(=) eel (=) (4) 

\.—_— = a = = 

p T(p) Pp 

(see Exercise 6.3). Thus, under the isomorphism [x (f)/Px,z(f) ~ Gal(L/K), con- 
jugation by 7 in Gal(L/K) corresponds to the usual action of 7 on /x(f). But if 
a is any ideal in Ix(f), then ad = N(a)Ox lies in Pxz(f) since N(a) is prime to 
f. Thus @ gives the inverse of a in the quotient [x(f)/Px,z(f), and the lemma is 
proved. Q.E.D. 


We can now proceed with the proof of Theorem 9.2. Let L be the ring class field 
of Z[./—n]. We start by relating p = x* + ny’ to the behavior of p in L: 


Theorem 9.4. Let n > 0 be an integer, and L be the ring class field of the order 
Z|/—n| in the imaginary quadratic field K = Q(/—n). If p is an odd prime not 
dividing n, then 


p=xrtny’ <=> p splits completely in L. 


Proof. Let O = Z[,/—n}. The discriminant of O is —4n, and then —4n = f?dx 
by (7.3), where f is the conductor of O. Let p be an odd prime not dividing n. 
Then p{ f*dx, which implies that p is unramified in K. We will prove the following 
equivalences: 


p=x+ny <> pOx=pb, p¥f, andp=—aOx, ac O 
<> pOx = pp, p#P, and p € Px2(f) 
<=> pOx = pp, p#P, and ((L/K)/p) =1 
<> pOx = pp, p# Pf, and p splits completely in L 
<=> p splits completely in L, 


and Theorem 9.4 will follow. 

For the first equivalence, suppose that p = x? + ny? = (x + /—ny)(x — /—ny). 
If we set p = (x + \/—ny)Ox, then pOx = pp is the prime factorization of pOx in 
Ox. Note that x + /—ny € O, and p $f since p is unramified in K. Conversely, if 
pOx = pp, where p = (x + /—ny)Ox, then it follows easily that p = x? + ny”. 

Since p{ f, the second equivalence follows from Proposition 7.22. The next two 
equivalences are equally easy: the isomorphism Ix(f)/Px,z(f) ~ Gal(L/K) given 
by the Artin map shows that p € Px z(f) if and only if ((L/K)/p) = 1, and then 
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Lemma 5.21 shows that ((L/K)/p) = 1 if and only if p splits completely in L. Finally, 
recall from Lemma 9.3 that L is Galois over Q. Thus, the proof of the last equivalence 
is identical to the proof of the last equivalence of (5.27). This completes the proof of 
Theorem 9.4. Q.E.D. 


The next step is to prove the main equivalence of Theorem 9.2. By Lemma 9.3, the 
ring class field L is Galois over Q, and thus Proposition 5.29 enables us to find a real 
algebraic integer a such that L = K(a). Let f,(x) € Z[x] be the minimal polynomial 
of a over K. Since O has discriminant —4n, the degree of f,(x) is [L: K] = h(O) = 
h(—4n). Then, combining Theorem 9.4 with the last part of Proposition 5.29, we 
have 


p=x +ny’ <> p splits completely in L 


(—n/p) = 1 and f,(x) =0 mod p 
has an integer solution, 


whenever p is an odd prime dividing neither n nor the discriminant of f,(x). This 
proves the main equivalence of Theorem 9.2. 

The final part of the theorem is concerned with the “uniqueness” of f,(x). Of 
course, there are infinitely many real algebraic integers which are primitive elements 
of the extension K C L, and correspondingly there are infinitely many f,,(x)’s. So the 
best we could hope for in the way of uniqueness is that these are all of the possible 
fn(x)’s. This is almost what the last part of the statement of Theorem 9.2 asserts—the 
Jn(x)’s that can occur are exactly the monic integer polynomials which are minimal 
polynomials of primitive elements (not necessarily real) of L over K. 

To prove this assertion, let f,,(x) be a monic integer polynomial of degree h(—4n) 
which satisfies the equivalence of Theorem 9.2. Then let g(x) € K[x] be an irre- 
ducible factor of f,(x) over K, and let M = K(q) be the field generated by a root of 
g(x). Note that a is an algebraic integer. If we can show that L C M, then 


h(—4n) = [L: K] < [M : K] = deg(g(x)) < deg(fn(x)) = h(—4n), 


which will prove that L = M = K(q) and that f,,(x) is the minimal polynomial of a 
over K (and hence over Q). 

It remains to prove L C M. Since L is Galois over Q by Lemma 9.3, Proposi- 
tion 8.20 tells us that L C M if and only if Syq C Sz, where: 


S_/q = {p prime : p splits completely in L} 
Smo = {p prime: p is unramified in L and fy), = 1 for some prime ‘B of M}. 


Let’s first study S;/g. By Theorem 9.4, this is the set of primes p represented by 
e+ ny’. Since Fn(x) satisfies the equivalence of Theorem 9.2, it follows that S; /Q 
is (with finitely many exceptions) the set of primes p which split completely in K 
and for which f,,(x) =0 mod p has a solution. 

To prove Sy/g CS, /Q» Suppose that p € Sy gq. Then fy), = 1 for some prime 
P of M, and if we set p= PBN Ox, then 1 = fos), = fag|p fp|p- Thus fy|p = 1, which 
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implies that p splits completely in K (since it’s unramified). Note also that f,(x) =0 
mod ‘8 has a solution in Oy since a € Oy and g(a) = f,(a) = 0. But fagjp = 1 
implies that Z/pZ ~ Oy /B, and hence f,,(x) =0 mod p has an integer solution. By 
the above description of S,/g, it follows that p € S;/g. This proves Su / Cc S10 /® 
and completes the proof of Theorem 9.2. Q.E.D 


There are also versions of Theorems 9.2 and 9.4 that characterize which primes 
are represented by the form x? + xy+((1—D)/4)y’, where D = 1 mod 4 is negative 
(see Exercise 9.3). 


B. The Ring Class Fields of Z[./—27] and Z[./—64] 


Theorem 9.2 shows how the ring class field solves our basic problem of determining 
when p = x” + ny’, and the last part of the theorem points out that our problem is in 
fact equivalent to finding the appropriate ring class field. To see how this works in 
practice, we will next use Theorem 9.2 to give new proofs of Euler’s conjectures for 
when a prime is represented by x* + 27y” or x* + 64y? (proved in §4 as Theorems 4.15 
and 4.23). The first step, of course, is to determine the ring class fields involved: 


Proposition 9.5. 


(i) The ring class field of the order Z[,\/—27| c K = Q(V—3) is L= K(V2). 
(it) The ring class field of the order Z[,/—64| C K = Q(i) is L= K(W2). 


Proof. To prove (i), let L be the ring class field of Z[\/—27]. Although L is defined 
abstractly by class field theory, we still know the following facts about L: 


(i) Lis a cubic Galois extension of K = Q(/—3) since [L: K] = h(—4-27) =3. 


(ii) L is Galois over Q with group Gal(L/Q) isomorphic to the symmetric group 
53. This follows from Lemma 9.3 since $3 is isomorphic to the semidirect 
product (Z/3Z) » (Z/2Z) with Z/2Z acting nontrivially. 


(iii) All primes of K that ramify in L must divide 60x. To see this, note that 
Z[V—27| = Z[3./—3] is an order of conductor 6 (this follows from Ox = 
Z[(—1+ /—3)/2]), so that L corresponds to a generalized ideal class group for 
the modulus 60x. By the Existence Theorem (Theorem 8.6), the ramification 
must divide the modulus. 


We will show that only four fields satisfy these conditions. To see this, first note 
that K contains a primitive cube root of unity, and hence any cubic Galois extension 
of K is of the form K(/u) for some u € K. (This is a standard result of Galois 
theory—see Artin [2, Corollary to Theorem 25].) However, the fact that Gal(L/Q) ~ 
53 allows us to assume that u is an ordinary integer. More precisely, we have: 


Lemma 9.6. If M is a cubic extension of K = Q(./—3) with Gal(M/Q) ~ S3, then 
M = K(x/m) for some cubefree positive integer m. 
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Proof. The idea is to modify the classical proof that M = K(x/u) for some u € K. 
We know that M is Galois over Q and that complex conjugation 7 is in Gal(M/Q). 
Furthermore, if o is a generator of Gal(L/K) ~ Z/3Z, then Gal(L/Q) ~ S3 implies 
that ror =a07!. 

By Proposition 5.29, we can find a real algebraic integer a such that M = K(q). 


Then define u; € M by 
uj=atwio(a)+w%o (a), i=0,1,2. 


The u;’s are algebraic integers satisfying o(u;) = w'u;, and note that 7(u;) = uj, since 
a is real and traT = o~'. Thus the u,’s are all real. Then uo is fixed by both o and 7, 
which implies that up € Z. Similar arguments show that u} and u3 are also integers. 
If u, # 0, we claim that M = K(u). This is easy to see, for [M : K] = 3, and thus 
M # K(u,) could only happen when u € K. Since u; is real, this would force ui 
to be an integer, which would contradict o(u;) = wu; and u; 4 0. This proves our 
claim, and if we set m = u3 € Z, it follows that M = K(u;) = K(,/m). We may 
assume that m is positive and cubefree, and we are done. 

If u2 # 0, we are done by a similar argument. The remaining case to consider is 
when u; = uz = 0. However, in this situation a simple application of Cramer’s rule 
shows that our original a would lie in K and hence be rational (since we chose a 
to be real in the first place). The details of this argument are left to the reader (see 
Exercise 9.4), and this completes the proof of Lemma 9.6. Q.E.D. 


Once we know L = K(,/m) for some cubefree integer m, the next step is to use 
the ramification of K C L to restrict m. Specifically, it is easy to show that any prime 
of Ox dividing m ramifies in K(,j/m) (see Exercise 9.5). However, by (iii) above, 
we know that all ramified primes divide 6Ox, and consequently 2 and 3 are the only 
integer primes that can divide m. Since m is also positive and cubefree, it must be 
one of the following eight numbers: 


2, 3, 4, 6, 9, 12, 18, 36, 
and this in turn implies that Z must be one of the following four fields: 
(9.7) K(W2), K(W3), K(W6), K(W/12) 


(see Exercise 9.6). All four of these fields satisfy conditions (i)—(iii) above, so that 
we will need something else to decide which one is the ring class field L. 
Surprisingly, the extra ingredient is none other than Theorem 9.2. More precisely, 
each field listed in (9.7) gives a different candidate for the polynomial f27(x) that 
characterizes p = x* + 27y”, and then numerical computations can determine which 
one is the correct field. To illustrate what this means, suppose that L were K (V3 ), the 
second field in (9.7). This would imply that f27(x) = x° — 3, which has discriminant 
—35 (see Exercise 9.7). If Theorem 9.2 held with this particular f:7(x), then the 
congruence x° = 3 mod 31 would have a solution since 31 = 27 + 27- 1? is of the 
form x” + 27y?. Using a computer, it is straightforward to show that there are no 
solutions, so that K(./3) can’t be the ring class field in question. Similar arguments 
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(also using p = 31) suffice to rule out the third and fourth fields given in (9.7) (see 
Exercise 9.8), and it follows that L = K(W2) as claimed. 

The second part of the proposition, which concerns the ring class field of the order 
Z|/—64] C K = Q(i), is easier to prove than the first, for in this case one can show 
that K(./2) is the unique field satisfying the analogs of conditions (i)—(iii) above (see 
Exercise 9.9), Q.E.D. 


Another example of a ring class field is given in Exercise 9.10, where we will 
show that the field K(v/3) from (9.7) is the ring class field of the order Z[9w] of 
conductor 9 in K = Q(/—3). 

If we combine Theorem 9.2 with the explicit ring class fields of Proposition 9.5, 
then we get the following characterizations of when p = x? + 27y” and p = x? + 64y? 
(proved earlier as Theorems 4.15 and 4.23): 


Theorem 9.8. 
(i) If p > 3 is prime, then 


_ 2 2 p = 1 mod 3 and x = 2 mod p 
Pee Pay er { has an integer solution. 


(ii) If p is an odd prime, then 


= 1 mod 4 and x4 = 2 mod p 

Bok SO Soe { ie an integer solution. 

Proof. By Proposition 9.5, the ring class field of Z[,/—27] is L = K(/2), where K = 
Q(V—3). Since V2 is a real algebraic integer, the polynomial fy7(x) of Theorem 9.2 
may be taken to be x* — 2. Then the main equivalence of Theorem 9.2 is exactly 
what we need, once one checks that the condition (~27/p) = 1 is equivalent to 
the congruence p = | mod 3. The final detail to check is that the discriminant of 
x? —2 is —2?-33 (see Exercise 9.7), so that the only excluded primes are 2 and 
3, and then (i) follows. The proof of (ii) is similar and is left to the reader (see 
Exercise 9.11). Q.E.D. 


Besides allowing us to prove Theorem 9.8, the ring class fields determined in 
Proposition 9.5 have other uses. For example, if we combine them with Weak Reci- 
procity from §8, we then get the following partial results concerning cubic and bi- 
quadratic reciprocity: 


Theorem 9.9. 


(i) Ifa primary prime x of Zw], w = e?"/3, is relatively prime to 6, then 
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(ii) If p = 1 mod 4 is prime and p =a? +b’, then x = a+ bi is prime in Z{i], and 


Remark. Notice that these are exactly the portions of cubic and biquadratic reci- 
procity used in our discussion of p = x? + 27y? and x* + 64y” in §4 (see Theo- 
rems 4.15 and 4.23). 


Proof. We will prove (i) and leave the proof of (ii) as an exercise (see Exercise 9.12). 
The basic idea is to combine Weak Reciprocity (Theorem 8.11) with the explicit 
description of the ring class field given in Proposition 9.5. 

If K = Q(w), then Ox is the ring Z[w] from §4. Thus L = K(W2) is the ring 
class field of the order of conductor 6, and hence corresponds to a subgroup of [x (6) 
containing Px (6). This shows that the conductor f divides 60x. Then Weak Reci- 
procity tells us that the cubic Legendre symbol (2/-)3 induces a well-defined homo- 
morphism 

Tx (6)/Px,1(6) — p3 


where j/3 is the group of cube roots of unity. However, the map sending a € Ox to 
the principal ideal aOx induces a homomorphism 


(Ox /6Ox)* —> Ik (6)/Px,z(6) 


(this is similar to what we did in §7—see part (c) of Exercise 9.21). Combining these 
two maps, the Legendre symbol (2/-)3 induces a well-defined homomorphism 


(9.10) (Ox /60Ox)" — ps. 


Recall that 7 is primary by assumption, which means that 7 = +1 mod 30x. Re- 
placing 7 by —7 affects neither (2/7)3 nor (7/2)3, so that we can assume 7 = 
1 mod 30x. Now consider the isomorphism 


(9.1 1) (Ox /6Ox)* = (Ox /2O0x)* x (Ox /30x)*. 


By (9.10), (2/-)3 is a homomorphism on the group (Ox/6Ox)*, and the condi- 
tion 7 = 1 mod 30x means we are restricting this homomorphism to the subgroup 
(Ox /2Ox)* x {1} relative to (9.11). But the cubic Legendre symbol (-/2)3 can also 
be regarded as a homomorphism on this subgroup, and we thus need only show that 
these homomorphisms are equal. 

To prove this, first note that (Ox/2Ox)* x {1} is cyclic of order 3 (Ox/2Ox isa 
field with four elements), and the class of 6 = 1 + 3w in (Ox /6Ox)* is a generator. 
Thus, to show that the two homomorphisms are equal, it suffices to prove that 


2\ . (@ 

o/s, (2 3 
Using (4.10), this is straightforward to check—see Exercise 9.12 for the details. The- 
orem 9.9 is proved. Q.E.D. 
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C. Primes Represented by Positive Definite Quadratic Forms 


As an application of ring class fields, we will prove the classic theorem that a primi- 
tive positive definite quadratic form ax? + bxy + cy’ represents infinitely many prime 
numbers. The basic idea is to compute the Dirichlet density (in the sense of §8) of 
the set of primes represented by ax” + bxy + cy, for once we show that the density 
is positive, there must be infinitely many primes represented. Here is the precise 
statement of what we will prove: 


Theorem 9.12. Let ax* + bxy+cy* be a primitive positive definite quadratic form 
of discriminant D < 0, and let S be the set of primes represented by ax’ + bxy + cy’. 
Then the Dirichlet density 5(S) exists and is given by the formula 


if ax + bxy + cy’ is properly equivalent to its opposite 


iD) otherwise. 


In particular, ax? + bxy + cy’ represents infinitely many prime numbers. 


Proof. Let © be the order of the discriminant D, and let K = Q( VD). By (7.3), we 
have D = f*dx, where f is the conductor of ©. As in the statement of the theorem, 
let S = {p prime : p = ax’ + bxy+cy’}. We need to compute the Dirichlet density 
of S. 

The first step is to relate S to the generalized ideal class group Ix(f)/Px,z(f). By 
the isomorphism C(D) ~ C(O) of Theorem 7.7, the class [ax” + bxy + cy”] € C(D) 
corresponds to the class [a9] € C(O) for some proper O-ideal ap. Then part (iii) of 
Theorem 7.7 tells us that 


(9.13) S = {p prime: p = N(6), 6 € [ap]}. 


We need to state this in terms of the maximal order Ox. By Corollary 7.17 we may 
assume that ao is prime to f, and from here on we will consider only primes p not 
dividing f. Under the map a++ aOx, we know that b € [ap] € C(O) corresponds 
to bOK € [a9Ox] € Ix (f)/Px.z(f) (Proposition 7.22). Furthermore, 6 and b = bOx 
have the same norm when prime to f (Proposition 7.20). Thus (9.13) implies 


S = {p prime: p{ f, p =N(b), 6 € [apOx]}. 


Since p is prime, the equation p = N(b) forces 6 to be prime, so that this description 
of S can be written 


(9.14) S = {p prime: p{ f, p= N(p), p prime, p € [apOx]}. 
If L is the ring class field of O, then Artin reciprocity gives us an isomorphism 


(9.15) Tk(f)/Px,2(f) = Gal(L/K). 
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Under this isomorphism, the class of agOx maps to an element oo € Gal(L/K), 
which we can regard as an element of Gal(L/Q). Letting (ao) denote its conjugacy 
class in Gal(L/Q), we claim that 


(9.16) S= {p prime : p unramified in L, (=A) = (oo). 


The right hand side of (9.16) will be denoted S’, so that we must prove S = S’. 

To show that S’ C S, take any p € S’. Thus ((L/Q)/p) = (a0), which means that 
((L/Q)/%8) = oo for some prime ¥ of L containing p. Then p = BM Ox is a prime 
of K containing p, and we claim that p = N(p). To see this, note that for any a € O,, 


(9.17) o0(a) =a? mod B 


since oo = ((L/Q)/38). But we also have op € Gal(L/K), so that when a € Ox, the 
above congruence reduces to 
a=a? mod p. 


This implies Ox/p ~ Z/pZ, and N(p) = p follows. This fact and (9.17) then imply 
that a is the Artin symbol ((L/K)/p). Since [a9QOx] € Ix(f)/Px,z(f) corresponds 
to oo € Gal(L/K) under the isomorphism (9.15), it follows that p is in the class of 
agOx. Then (9.14) implies that p € S, at least when p{(f), and S’ C S follows. 
The opposite inclusion is straightforward and is left to the reader (see Exercise 9.14). 
This completes the proof of (9.16). 

From (9.16), the Cebotarev Density Theorem shows that S has Dirichlet density 


8) = TE 


However, since a9 € Gal(L/K), Lemma 9.3 implies that (09) = {00,09 |} (see Ex- 
ercise 9.15). Since [L : Q] = 2h(D), we see that 


1 
2A(D) do has order < 2 
. ! otherwise 
h(D) 


Now op has order < 2 if and only if ax” + bxy + cy” has order < 2 in C(D), and this 
last statement means that ax? + bxy + cy’ is properly equivalent to its opposite. This 
completes the proof of Theorem 9.12. Q.E.D. 


As an example of what the theorem says, consider forms of discriminant —56. 
The class number is 4, and we know the reduced forms from §2. Then Theorem 9.12 
implies that 

6({p prime : p =x’ + 14y*}) =} 
5({p prime : p = 2x" +7y"}) = 3 
6({p prime : p = 3x7 + 2xy + 5y’}) =}. 
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Notice that these densities sum to 1/2, which is the density of primes for which 
(—56/p) = 1. This example is no accident, for given any negative discriminant, the 
densities of primes represented by the reduced forms (counted properly) always sum 
to 1/2 (see Exercise 9.17). 

A weaker form of Theorem 9.12, which asserts that ax? + bxy + cy* represents 
infinitely many primes, was first stated by Dirichlet in 1840, though his proof ap- 
plied only to a restricted class of discriminants (see [27, Vol. I, pp. 497-502]). A 
complete proof was given by Weber in 1882 [101], and in 1954 Briggs [10] found 
an “elementary” proof (in the sense of the “elementary” proofs of the prime number 
theorem due to Erdos and Selberg). 


D. Ring Class Fields and Generalized Dihedral Extensions 


We will conclude §9 by asking if there is an intrinsic characterization of ring class 
fields. We know that they are Abelian extensions of K, but which ones? The re- 
markable fact is that there is a purely field-theoretic way to characterize ring class 
fields and their subfields. The key idea is to work with the Galois group over Q. We 
used this strategy in §6 in dealing with the genus field, and here it will be similarly 
successful. For the genus field, we wanted Gal(L/Q) to be Abelian, while in the 
present case we will allow slightly more complicated Galois groups. The crucial 
notion is when an extension of K is generalized dihedral over Q. To define this, let 
K be an imaginary quadratic field, and let L be an Abelian extension of K which is 
Galois over Q. As we saw in the proof of Lemma 9.3, complex conjugation 7 is an 
automorphism of L, and the Galois group Gal(L/K) can be written as a semidirect 
product 
Gal(L/Q) ~ Gal(L/K) x (Z/2Z), 


where the nontrivial element of Z/2Z acts on Gal(L/K) via conjugation by 7. We say 
that L is generalized dihedral over Q if this action sends every element in Gal(L/K) 
to its inverse. 

In Lemma 9.3 we proved that every ring class field L is generalized dihedral over 
Q, and it is easy to show that every subfield of L containing K is also generalized 
dihedral over Q (see Exercise 9.18). The unexpected result, due to Bruckner [11], is 
that this gives all extensions of K which are generalized dihedral over Q: 


Theorem 9.18. Let K be an imaginary quadratic field. Then an Abelian extension L 
of K is generalized dihedral over Q if and only if L is contained in a ring class field 
of K. 


Proof. By the above discussion, we know that any extension of K contained in a 
ring class field is generalized dihedral over Q. To prove the converse, fix an Abelian 
extension L of K which is generalized dihedral over Q. By Artin reciprocity, there is 
an ideal m and a subgroup Px ;(m) C H C Ix(m) such that the Artin map induces an 
isomorphism 


(9.19) Ix(m)/H —~> Gal(L/K). 
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We saw in §8 that all of this remains true when m is enlarged, so that we may assume 
that m = fOx for some integer f, and we can also assume that f is divisible by the 
discriminant dx of K (this will be useful later in the proof). To prove the theorem, 
it suffices to show that Px z(f) C H, for this will imply that Z lies in the ring class 
field of the order of conductor f in Ox. From the definition of Px .z(f), this means 
that we have to prove the following for elements u € Ox: 


(9.20) céZ, c prime to f, u=c mod f => uOx EH. 


The first step is to use the fact that Px 1(fOx) C H: if a,@ € Ox are prime to f, 
then we claim that 


(9.21) a= mod fOx > (@Ox €H => BOx EAH). 


To prove this, pick an element -y € Ox such that ay = 1 mod fOx. Then By = 1 
mod fOx also holds, so that ayOx and ByOx both lie in Px 1(fOx) C H, and (9.21) 
follows immediately. One consequence of (9.21) is that (9.20) is equivalent to the 
simpler statement 


(9.22) c€Z, c prime to f = cOx EH. 


So we need to see how (9.22) follows from L being generalized dihedral over 
Q. Under the isomorphism (9.19), we know that conjugation by 7 on Gal(L/K) 
corresponds to the usual action of 7 on Ix(f). Then L being generalized dihedral 
over Q means that for a € Ix(f), the class of @ gives the inverse of a in Jx(f)/H, 
which in turn means that aa € H. Since aa = N(a)Ox by Lemma 7.14, we see that 
for any ideal a € Ix(f), we have 


(9.23) N(a)Ox EH. 


It remains to prove that (9.23) implies (9.22). Note first that it suffices to prove 
(9.22) when c is a prime p not dividing f. Recall that dx | f, so that p is unramified 
in K. There are two cases to consider, depending on whether or not p splits in K. 
If p splits, then p = N(p), where p is a prime factor of pOx. Then, by (9.23), 
we have pOx = N(p)Ox € H, as desired. If p doesn’t split, then (dx/p) = —1 by 
Corollary 5.17. Let g be a prime such that g = —p mod f (such primes exist by 
Dirichlet’s theorem). We claim that q splits completely in K. The proof will use 
the character ~ from Lemma 1.14. Recall that this lemma states that the Legendre 
symbol (dx /-) induces a well-defined homomorphism y : (Z/dxZ)* — {+1}, and 
since dx < 0, we also have x([—1]) = —1. Since dx | f, we have g = —p mod dx, 
and thus 

d 
(S) = x(a) = x((-2) =x(-tx() = - () =. 
Hence q splits completely in K. The argument for the split case implies that qOx € H, 
and then g = —p mod fOx and (9.21) imply that (—p)Ox € H. Thus pOx € H, 
which proves (9.22) and completes the proof of Theorem 9.18. Q.E.D. 
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In Exercises 9.19—9.24, we will explore some other aspects of ring class fields, 
including a computation of the conductor (in the sense of class field theory) of a ring 
class field. For further discussion of ring class fields, see Bruckner [11], Cohn [19, 
§15.1] and Cohn [21, Chapter 8]. 


E. Exercises 


9.1. 


9.2. 


9.3. 


9.4. 


9.5. 


9.6. 


9.7. 


9.8. 


9.9. 
9.10. 


Prove that the Hilbert class field of an imaginary quadratic field is the ring 
class field of the maximal order. 


Let © be the order of conductor f in the imaginary quadratic field K, and 
let L be the ring class field of O. Let m = fOx and let + denote complex 
conjugation. 

(a) Show that r(m) = m and that 7(Px,z(f)) = Px,z(f). 

(b) Show that ker(®,(z)/x,m) = 7(ker(®z/x,m)): 

(c) Using ker(®,/x mm) = Px,z(f), conclude that 


ker(®,(z)/x,m) = ker(®z/x,m)- 


Formulate and prove versions of Theorems 9.2 and 9.4 for primes represented 
by the principal form x? + xy + ((1 — D)/4)y? when D = | mod 4 is negative. 


Let u;, i= 0,1,2, be as in the proof of Lemma 9.6. If uj = uz = 0, then use 
Cramer’s rule to prove that a € K. 


Let L = K(,/m) be a cubic extension of K where m is a cubefree integer and K 
is an imaginary quadratic field. If p is any prime of K dividing m, then prove 
that p ramifies in L. 


Verify that if K = Q(./—3) and L = K(¥/m), where m is a cubefree integer of 
the form 273°, then L is one of the four fields listed in (9.7). 


Prove that the discriminant of the cubic polynomial x° — a is —27a?. 


Use the arguments outlined in the proof of Proposition 9.5 to show that none 
of the fields K(v/3), K(x/6) and K(¥/12) can be the ring class field of the order 
Z[V—27]. Hint: use 31 = 2? +. 27- 1. 


Prove part (ii) of Proposition 9.5 using the hints given in the text. 


This exercise is concerned with the order Z[9w] of conductor 9 in the field 
K =Q(w),w = e273, 


(a) Prove that L = K(./3) is the ring class field of Z[9w]. Hint: adapt the 
proof of Proposition 9.5. 


(b) Use Exercise 9.3 to prove that for primes p > 5, p = x? + xy+ 61y” if 
and only if p = | mod 3 and 3 is a cubic residue modulo p. 
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(c) Use (b) to prove that for primes p > 5, 4p = x? + 243y? if and only if 
p = 1 mod 3 and 3 is a cubic residue modulo p. Note that this result, 
conjectured by Euler, was proved earlier in Exercise 4.15 using the sup- 
plementary laws of cubic reciprocity. 


9.11. Prove part (ii) of Theorem 9.8. 
9.12. This exercise is concerned with the proof of Theorem 9.9. 


(a) Let 0 = 1+ 3w. To prove that (2/0)3 = (0/2)s, first use (4.10) to show 


2 2 
-— = 2(N(1+34)-1)/3 = 4 mod (1+ 3w)O 
(3),~ (435), a 


6 1+3w l+w 
eo =({(7"*) =%4 (N(2)—1)/3 
(3), A), G2) 2040 


=1+w mod 20x, 


and then note that 1 + w+w* = 0 and 4—w? = —(14+ 2w)(1+3w). 
(b) Prove part (ii) of Theorem 9.9. 


9.13. Let K = Q(w), w = e?"/3. In this exercise we will use the ring class field 
K(¥3) from Exercise 9.10 to prove the supplementary laws of cubic reci- 
procity. Let p= 1 mod 3 be prime. In Exercise 4.15 we saw that 4p = 
a’ + 27b*, which gave us the factorization p = m7 where 1 = (a + /—27b)/2 
is primary. We can assume that a = 1 mod 3. 


(a) Prove that (w/7)3 = w?(¢+?)/3, Hint: use (4.10). 

(b) Adapt the proof of Theorem 9.9 to prove that (3/7)3 = w”. Hint: use 
Exercise 9.10. 

(c) Use 3 = —w?(1 —w)? to prove that (1 —w/7)3 = wt (4+2)/3, 


(d) Show that the results of (a) and (c) imply the supplementary laws for 
cubic reciprocity as stated in (4.13). 


9.14. Let S and S’ be the two sets of primes defined in the proof of Theorem 9.12. 
Prove that S C S’. Hint: use (9.14). 


9.15. Let K be an imaginary quadratic field, and let K C L be an Abelian extension 
which is generalized dihedral over Q. If o € Gal(L/K) C Gal(L/Q), then 
prove that the conjugacy class (o) of o in Gal(L/Q) is the set {o,0~'}. 


9.16. In this exercise we will use (8.16) to give a different proof of Theorem 9.12. 
We will use the notation of the proof of Theorem 9.12. Thus © is the order of 
conductor f in an imaginary quadratic field K, and L is the ring class field of 
O. Let 


S = {p prime: p = ax’ + bxy+cy*}. 
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(a) If ax? + bxy + cy’ gives us the class [agOx] € Ix(f)/Px,z(f), show that 


S= {p primes : ptf, pOx = pp, pe [agOx]}. 


Hint: use (9.14). 
(b) Use the Cebotarev Density Theorem to show that 


Ss’ = {p € Pr: pe [agOx]} 


has Dirichlet density 6(S”) = 1/h(D). Then use (8.16) to show that 
5(S” VPx1) = 1/h(D). Recall that Px 1 = {p € Px : N(p) is prime}. 


(c) Show that the mapping p> N(p) from S” NM Px; to S is either two-to- 
one or one-to-one, depending on whether or not agQx has order < 2 in 
the class group. Then use (b) to prove Theorem 9.12. 


9.17. Fix a negative discriminant D. 


(a) Use Theorem 9.12 to show that the sum of the densities of the primes rep- 
resented by the reduced forms of discriminant D with middle coefficient 
b > Ois always 1/2. 


(b) To explain the result of (a), first use Lemma 2.5 to show that the primes 
represented by the forms listed in (a) are, up to a finite set, exactly the 
primes for which (D/p) = 1. Then use the Cebotarev Density Theorem 
to show that this set has density 1/2. 


9.18. Let K be an imaginary quadratic field. Use Lemma 9.3 to prove that any 
intermediate field between K and a ring class field of K is generalized dihedral 
over Q. 


9.19. An imaginary quadratic field K has infinitely many ring class fields associated 
with it. In this exercise we will work out the relation between the different ring 
class fields. 


(a) If O; and ©» are orders in K, then we get ring class fields L; and Lo. 
Prove that 
OO; CO, == 1n CL). 


(b) If f; is the conductor of O,, then prove that QO, C Q, if and only if fo | fi, 
and conclude that the result of (a) can be stated in terms of conductors as 
follows: 

tia lf =—=>1,cI). 


In Exercise 9.24, we will see that the converse of this implication is false. 


(c) Show that the Hilbert class field is contained in the ring class field of any 
order, and conclude that h(dx) | h(f?dx). This fact was proved earlier in 
Theorem 7.24. 


9.20. 


9.21. 
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Let L be the ring class field of an order © in an imaginary quadratic field K. 
Such a field has two “conductors” associated to it: first, there is the conductor 
f of the order O, and second, there is the class field theory conductor f(L/K) 
of L as an Abelian extension of K. There should be a close relation between 
these conductors, and the obvious guess would be that 


f(L/K) = fOr. 


In Exercises 9.20—-9.23, we will show that the answer is a bit more compli- 
cated: the conductor is given by the formula 


Or f =20r3, K =Q(V—3) 
(f/2)Ox f =2f"', f' odd, 2 splits completely in K 
fOr otherwise. 


To begin the proof, let f be a positive integer, and let K be an imaginary 
quadratic field. Assume that f = 2f’, where f’ is odd and 2 splits completely 
in K. Let L and L’ be the ring class fields of K corresponding to the orders of 
conductor f and f’ respectively. Then prove that 


f(L/K) =§(L'/K). 
Hint: first show that L’ C L, and then use Theorem 7.24 to conclude that L’ = L. 


Let L be the ring class field of the order of conductor f in an imaginary 
quadratic field K, and assume that f(L/K) 4 fOx. 


(a) Show that fOx = pm, where p is prime and f(L/K) | m. We will fix p 
and m for the rest of this exercise. 
(b) Prove that fk (f) A Pk,1(m) C Px z(f). 


(c) Show that there is an exact sequence 


Ok — (Ox/fOx)* © Pe Ik(f)/Paalf) 1, 


where Px is the group of all principal ideals and ¢ is the map which sends 
[a] € (Ox«/fOx)* to [aOx] € Px OIk(f)/Px.1(f). Hint: this is similar 
to what we did in (7.27). 


(d) Consider the natural maps 
m : (Ox/fOx)" — (Ox/m)* 
B:(Z/fZ)" —+ (Ox/fOx)”. 
Show that ker(7) C Of -im(@). Hint: use (b) and the exact sequence of 


(c) to show that 6~' (Ix(f) MPx,1(m)) = Ox -ker(7) and 67! (Px.2(f)) = 
Ox -im(8). 
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9,22. In this exercise we will assume that Of = {+1} (by Exercise 5.9, this excludes 
the fields Q(./—3) and Q(i)). Let K, f and L be as in the previous exercise, 
and assume in addition that if f = 2,f’, f’ odd, then 2 doesn’t split completely 
in K. Our goal is to prove that 


f(L/K) = fOr. 


We will argue by contradiction. Suppose that f(L/K) # fOx. Exercise 9.21 
implies that fOx = pm, where p is prime and f(L/K) | m. Furthermore, if 7 
and £ are the natural maps 


T: (Ox/fOx)* — (Ox/m)* 
B: (Z/fZ)* — (Ox/fOk)", 


then Exercise 9.21 also implies that ker(7) C Of -im(@), and since Of = 
{+1}, we see that 

ker(7) C im(£). 
We will show that this inclusion leads to a contradiction. 


(a) Use Exercise 7.29 to prove that 


N(p) p | 
pel ea ae 


(b) Note that N(p) = p or p’, where p is the unique integer prime contained 

in p. Suppose first that N(p) = p. 

(i) Show that m = mp for some integer m. 

(ii) Use (i) to show that the map (Z/fZ)* — (Ox/m)* is injective, and 
conclude that ker(7) MNim(8) = {1}. 

(iii) Since ker(7) C im(§), (ii) implies that ker(7) = {1}. Use (a) to 
show that p = 2, 2 splits completely in K, and f = 2m where m is 
odd. This contradicts our assumption on f. 

(c) It remains to consider the case when N(p) = p*. Here, f = pm and 
m= mOx. 

(i) Show that ker(7) Mim() ~ ker(@), where 6 : (Z/fZ)* > (Z/mZ)* 
is the natural map. 

(ii) Since ker(7) C im(), (i) implies that |ker(7)| < |ker(6)|, and we 
know |ker(7r)| from (a). Now compute |ker(9)| and use this to show 
that |ker(7)| < |ker(@)| is impossible. Again we have a contradic- 
tion. 


9.23. Recall the formula for the conductor f(L/K) stated in Exercise 9.20. 


(a) Using Exercises 9.20 and 9.22, prove that the desired formula holds when 
OF = {+1}. 
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(b) Adapt the proof of Exercise 9.22 to the case Of # {+1}, and prove the 
formula for f(L/K) for all K. 


9.24. Use the conductor formula from Exercise 9.20 to give infinitely many exam- 
ples where f(L/K) # fOx. Also show that the converse of part (b) of Exer- 
cise 9.19 is not true in general (i.e., L2 C L; need not imply fp | f1). 


CHAPTER THREE 


COMPLEX MULTIPLICATION 


§10. ELLIPTIC FUNCTIONS AND COMPLEX MULTIPLICATION 


In Chapter Two we solved our problem of when a prime p can be written in the form 
x* +ny’. The criterion from Theorem 9.2 states that, with finitely many exceptions, 


Pee oe ee = 1 and fa(x) = 0 mod p 
has an integer solution. 

The key ingredient is the polynomial f,(x), which we know is the minimal poly- 
nomial of a primitive element of the ring class field of Z[,/—n]. But the proof of 
Theorem 9.2 doesn’t explain how to find such a primitive element, so that currently 
we have only an abstract solution of the problem of p = x* + ny’. In this chapter, 
we will use modular functions and the theory of complex multiplication to give a 
systematic method for finding f(x). 

In §10 we will study elliptic functions and introduce the idea of complex multi- 
plication. A key role is played by the j-invariant of a lattice, and we will show that 
if O is an order in an imaginary quadratic field K, then its j-invariant j(O) is an 
algebraic number. But before we can get to the real depth of the subject, we need to 
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Jearn about modular functions. Thus §11 will present a brief but complete account of 
the main properties of modular functions for ['o(m), including the modular equation. 
Then we will prove that j(©) is not only an algebraic integer, but also that it gen- 
erates (over K) the ring class field of O. This theorem, often called the “First Main 
Theorem” of complex multiplication, is the main result of §11. In §12 we will com- 
pute j(O) in some special cases, and in §13 we will complete our study of j(©) by 
describing an algorithm for computing its minimal polynomial (the so-called “class 
equation”). When applied to the order Z[,/—n], this theory will give us an algorithm 
for constructing the polynomial f,(x) that solves p = x* + ny”. We will then have a 
complete solution of the basic problem of the book. 

Before we can begin our discussion of complex multiplication, we need to learn 
some basic facts about elliptic functions and j-invariants. 


A. Elliptic Functions and the Weierstrass -Function 


To start, we define a lattice to be an additive subgroup L of C which is generated by 
two complex numbers w and w that are linearly independent over R. We express 
this by writing ZL = [w),w]. Then an elliptic function for L is a function f(z) defined 
on C, except for isolated singularities, which satisfies the following two conditions: 


(i) f(z) is meromorphic on C, 
(ii) f(z+w) = f(z) forall w € L. 


If L = [wy ,w2], note that the second condition is equivalent to 


f(z+01) = f(zt+ur) = f(z). 


Thus an elliptic function is a doubly-periodic meromorphic function, and elements 
of L are often referred to as periods. 

One of the most important elliptic functions is the Weierstrass g-function, which 
is defined as follows: given a complex number z not in the lattice L, we set 


1 1 1 
wel {0} (Z—w)? w 


When working with a fixed lattice L, we will usually write ¢(z) instead of ¢(z;L). 
Here are some basic properties of the g-function: 


Theorem 10.1. Let 9(z) be the Weierstrass y-function for the lattice L. 


(i) 9(z) is an elliptic function for L whose singularities consist of double poles at 
the points of L. 


(ii) go(z) satisfies the differential equation 


(2)? = 4@(z)? — go(L)(z) — g3(L), 
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where the constants g2(L) and g3(L) are defined by 


1 
82(L) = 60 De idk 
wEL—{0} 
1 
g3(L) = 140 > re 
wEL—{0} 


(iti) ¢(z) satisfies the addition law 


p(z+w) = —(z) — p(w) + 


whenever z,w ¢ Landz+w¢€ L. 
Proof. The first step is to prove the following lemma: 


Lemma 10.2. /f L is a lattice and r > 2, then the series 


converges absolutely. 
Proof. If L= [wy ,w], then we need to show that the series 
S oho 
Perea |w|" oa |mw, + nw|" 


converges, where pe denotes summation over all ordered pairs (m,n) 4 (0,0) of 
integers. If we let M = min{|xw) + yw]: x* +y? = 1}, then it is easy to see that for 


allx,y ER, 
xu + yw2| > Mr/x? + y? 


(see Exercise 10.1), and it follows that 
' 1 1 ! 1 
—_____ < — pe es 
» [mw + nw2|" — Mr » (m? + n?)r/2 
By comparing the sum on the right to the integral 


1 
> dxd 
_ Gy yi? ae 


it is easy to show that the sum in question converges when r > 2 (see Exercise 10.1). 
Q.E.D. 
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We can now show that go(z) is holomorphic outside L. Namely, if 2 is a compact 
subset of C missing L, it suffices to show that the sum in 


1 1 1 
e=at © (rapa) 


converges absolutely and uniformly on 2. Pick a number R such that |z| < R for all 
z € 2. Now suppose that z € 0 and that w € L satisfies |w| > 2R. Then |z—w| > }|w, 
and one sees that 


1 1 


2(2w — z) 
ea 0) 


R(2|w|+5|w|) _ 10R 
~  |wP(Z|w/?) |u|3” 


(z-—w)? we 


Since the inequality |w| > 2R holds for all but finitely many elements of L, it follows 
from Lemma 10.2 that the sum in the ¢-function converges absolutely and uniformly 
on 92. Thus ¢(z) is holomorphic on C — L and has a double pole at the origin. 
Notice that since (—z~w)? = (z— (—w))?, the identity ¢(—z) = e(z) follows 
immediately from absolute convergence. Thus the g-function is an even function. 
To show that go(z) is periodic is a bit trickier. We first differentiate the series for 


go(z) to obtain 
1 
(Qs, 
9 (z) a (z ne. w)3 


Arguing as above, this series converges absolutely, and it follows easily that o’(z) is 
an elliptic function for L (see Exercise 10.2). Now suppose that L = [w;,w2]. The 
functions ¢(z) and (z+ w;) have the same derivative (since go’ (z) is periodic), and 
hence they differ by a constant, say o(z) = ¢o(z+wi)+C. Evaluting this at —w;/2 
(which is not in L), we obtain 


9(—w;/2) = p(—w;/2 + w;) +C = p(w; /2) +C. 


Since ¢o(z) is an even function, C must be zero, and periodicity is proved. It follows 
that the poles of (o(z) are all double poles and lie exactly on the points of L, and (i) 
is proved. 

Turning to (ii), we first compute the Laurent expansion of ¢(z) about the origin: 


Lemma 10.3. Let ¢(z) be the g-function for the lattice L, and let G,(L) be the 
constants defined in Lemma 10.2. Then, in a neighborhood of the origin, we have 


1 lee) 
9(z) = ) + y (2n + 1)Gon42(L) r". 
n=1 


Proof. For |x| < 1, we have the series expansion 


n=1 
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(see Exercise 10.3). Thus, if |z| < |w|, then we can put x = z/w in the above series, 
and it follows easily that 


1 1 ant+i 
(z—w)?? uw? = Dae o 


n=1 
Summing over all w € L — {0} and using absolute convergence, we obtain 


ple) = +d (n+ )Gyy2(L)Z" 


2 
Since the g(z) is an even function, all of the odd coefficients must vanish, giving us 
the desired Laurent expansion. Q.E.D. 
From this lemma, we see that 
eft > Ve 
6) = +) 2n(2n+ Grnp(Lyor", 
n=1 


and then one computes the first few terms of go(z)? and g'(z)? as follows: 


1 L 
(z)° = 5+ OHO) + 15G6(L) + 
4 24G4(L 
¢' (z)? = 5 — MOS —s0G6(L) +--+, 


where + --- indicates terms involving positive powers of z (see Exercise 10.4). Now 
consider the elliptic function 


F(z) = @'(z)? —4@(z)? + 60G4(L) (z) + 140Ge(L). 


Using the above expansions, it is easy to see that F(z) vanishes at the origin, and 
then by periodicity, F(z) vanishes at all points of L. But it is also holomorphic on 
C—L, so that F(z) is holomorphic on all of C. An easy argument using Liouville’s 
Theorem shows that F(z) is constant (see Exercise 10.5), so that F(z) is identically 
zero. Since g2(L) and g3(L) were defined to be 60G4(L) and 140G¢(L) respectively, 
the proof of (ii) is complete. 

In order to prove (iii), we will need the following lemma: 


Lemma 10.4. [f z,w ¢ L, then ¢(z) = 9(w) if and only if z= +w mod L. 


Proof. The <= direction of the proof is trivial since ¢(z) is an even function. To 
argue the other way, suppose that L = [w,,w»], and fix a number —1 < 6 < 0. Let 
P denote the parallelogram {sw +tw2:6<s,t <6+1}, and let T be its boundary 
oriented counterclockwise. Note that every complex number is congruent modulo L 
to a number in P (see Exercise 10.6). 
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Fix w and consider the function f(z) = g(z) — g(w). By adjusting 6, we can 
arrange that f(z) has no zeros or poles on T’. Then it is well known that 


1 ff@ 
2ni Jr f(z) 


where Z (resp. P) is the number of zeros (resp. poles) of f(z) in P, counting multi- 
plicity. Since f’(z)/f(z) is periodic, the integrals on opposite sides of I’ cancel, and 
thus f.(f’(z)/f(z))dz = 0. This shows that Z = P. However, P is easy to compute: 
from the definition of P, it’s obvious that 0 is the only pole of f(z) = @(z) — e(w) 
in P. It’s a double pole, and thus Z = P = 2, so that f(z) has two zeros (counting 
multiplicity) in P. 

There are now two cases to consider. If w # —w mod L, then modulo L, w and —w 
give rise to two distinct points of P, both of which are zeros of f(z) = ¢(z) — p(w). 
Since Z = 2, these are all of the zeros, and their multiplicity is one, i-e., o’(w) 4 0. 
If w= —w mod L, then 2w € L. Since g’(z) is an odd function (being the derivative 
of an even function), we obtain 


dz=Z—P, 


9’ (w) = 9'(w— 2w) = 9'(—w) = -¢'(w), 


which forces o’(w) = 0. Thus modulo L, w gives rise to a zero of f(z) of multiplicity 
> 2 in P, and again Z = 2 implies that these are all. This proves the lemma. Q.E.D. 


The proof of Lemma 10.4 yields the following useful corollary: 
Corollary 10.5. If w ¢ L, then g'(w) = 0 if and only if 2w € L. Q.E.D. 


Now we can finally prove the addition theorem. Fix w ¢ L, and consider the 
elliptic function 


eae)" 


G(z) = ez +) + (2) + e(w) — i ( 9(z) — p(w) 


If we can show that G(z) is holomorphic on C and vanishes at the origin, then as in 
(ii), Liouville’s Theorem will imply that G(z) vanishes identically, and the addition 
theorem will be proved. 

Using Lemma 10.4, we see that the possible singularities of G(z) come from three 
sources: L, L+ {w} and L— {w}. By periodicity, it suffices to consider G(0), G(w) 
and G(—w). Let’s begin with G(0). Using the Laurent expansions for ¢(z) and ¢’(z), 
one sees that 


UAC Tes LC ie aed St a 
eo oa) Al 1/2—p(w) + ) ce a 


where as usual, + --- means terms involving positive powers of z. Hence 


Glo) = ole+w) + lw) +5 4--— 5 —zolW) =, 
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and it follows that G(0) = 0. 
To simplify the remainder of the argument, we will assume that 2w ¢ L. Turning 
to G(w), we use L’Hospital’s rule to obtain 


G(w) = plaw) +2p(w) 4 (20)" 
w)= -- i 
Ee TAN) 
Since 2w ¢ L, Corollary 10.5 shows that o’(w) 4 0, and thus G(w) is defined. It 
remains to consider G(—w). We begin with some Laurent expansions about z = —w: 


1 
aR all OTS aaa 


e(z) = e(—w) + p'(—w) (z+) +--- = p(w) —e'(w)ztw)t--, 


where +--- now refers to higher powers of z+ w. Since p’(w) # 0, these formulas 
make it easy to show that G(—w) is defined (see Exercise 10.7). This shows that 
G(z) is holomorphic and vanishes at 0, so that G(z) vanishes everywhere. 

To complete the proof, we need to consider the case 2w € L. We leave this to the 
reader (see Exercise 10.7). We have now proved Theorem 10.1. QE.D. 


There are many more results connected with the Weierstrass g-function, and we 
refer the reader to Chandrasekharan [16, Chapter III], Lang [73, Chapter 1] or Whit- 
taker and Watson [109, Chapter XX] for more details. 


B. The j-invariant of a Lattice 


Elliptic functions depend on which lattice is being used, but sometimes different 
lattices can have basically the same elliptic functions. We say that two lattices L and 
L’ are homothetic if there is a nonzero complex number such that L’ = AL. Note 
that homothety is an equivalence relation. It is easy to check how homothety affects 
elliptic functions: if f(z) is an elliptic function for L, then f(A~!z) is an elliptic 
function for AL. Furthermore, the g-function transforms as follows: 


(Az; AL) = A~*@(z;L). 


Thus we would like to classify lattices up to homothety, and this is where the j- 
invariant comes in. 

Given a lattice L, we have the constants g2(L) and g3(L) which appear in the 
differential equation for ¢o(z). It is customary to set 


A(L) = g2(L)* — 27g3(L)?. 


The number A (L) is closely related to the discriminant of the cubic polynomial 4° — 
82(L)x — g3(L) that appears in the differential equation for g(z). In fact, if e1, e2, 
and e3 are the roots of this polynomial, then one can show that 


(10.6) A(L) = 16(e; — e2)"(e1 — e3)?(e2 — 3)” 
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(see Exercise 10.8). An important fact is that A(L) never vanishes, i.e., 
Proposition 10.7. If L is a lattice, then A(L) # 0. 


Proof. If w ¢ L and 2w € L, then Corollary 10.5 implies that o’(w) = 0. Then the 
differential equation from Theorem 10.1 tells us that 


0 = p'(w)? = 49(w)? — go(L)o(w) — g3(L), 


so that go(w) is a root of 4x? — go(L)x— g3(L). If L = [w1,w2], this process gives three 
roots o(w;,/2), g(w2/2) and ((w; +w2)/2), which are distinct by Lemma 10.4 
since +w)/2, tw 2/2 and +(w) +w»)/2 are distinct modulo L. Thus the roots of 
4x3 — go(L)x — g3(L) are distinct, and A(L) # 0 by (10.6). Q.E.D. 


The j-invariant j(L) of the lattice L is defined to be the complex number 


ee g2(L)? _ g2(L)° 
(10.8) iE) = 1728 eae = 8a 


Note that j(L) is always defined since A(L) 4 0. The reason for the factor of 1728 
will become clear in §11. The remarkable fact is that the j-invariant j(L) character- 
izes the lattice L up to homothety: 


Theorem 10.9. [f L and L’ are lattices in C, then j(L) = j(L’) if and only if L and 
L' are homothetic. 


Proof. \t is easy to see that homothetic lattices have the same j-invariant. Namely, 
if \ € C*, then the definition of g2(L) and g3(L) implies that 


g2(AL) = A~*g0(L) 
g3(AL) = A°g3(L), 


and j(AL) = j(L) follows easily. 
Now suppose that L and L’ are lattices such that j(L) = j(L’). We first claim that 
there is a complex number A such that 


82(L’) = X~*g2(L) 
g3(L') = X~®g3(L). 
When g2{L’) 4 0 and g3(L’) 4 0, we can pick a number J such that 


4_ g2(L) 
g2(L’) 


Since j(L) = j(L’), some easy algebra shows that 


=e Ea 


(10.10) 


(10.11) 
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so that 


6 _ 4 83 (L) 
g3(L') 
Replacing X by iA if necessary, we can assume that the above sign is +, and then 
(10.11) follows. The proof when g2(L’) = 0 or g3(L’) = 0 is similar and is left to the 
reader (see Exercise 10.9). 
To exploit (10.11), we need to learn more about the Laurent expansion of the 
go-function: 


Lemma 10.12. Let ¢(z) be the ¢-function for the lattice L, and as in Lemma 10.3, 
let 


1 co 
pl) = 3+ S > (2n+ 1)Gong2(L) 2" 
n=1t 
be its Laurent expansion. Then for n > 1, the coefficient (2n + 1)Gon42(L) of 2" is a 
polynomial with rational coefficients, independent of L, in g2(L) and g3(L). 


Proof. For simplicity, we will write the coefficients of the Laurent expansion as a, = 
(2n+ 1)Gon42(L). To get a relation among the a,’s, we differentiate the equation 
g' (2)? = 4@(z)° — ga(L) (2) — g3(L) to obtain 


go" (z) = 6(z)" — (1/2)go(L). 


By substituting in the Laurent expansion for ¢o(z) and comparing the coefficients of 


z’n—2, one easily sees that for n > 3, 


n—2 


2n(2n — 1)a, = 6(20 + Yo aiay-1-1) 


i=] 
(see Exercise 10.10), and hence 


n—2 
(2n + 3)(n—2)an = 330 ajan—1-i. 


i=] 


Since go(L) = 60G4(L) = 20a; and g3(L) = 140G¢(L) = 28a2, an easy induction 
shows that a, is a polynomial with rational coefficients in g2(L) and go(L). This 
proves the lemma. Q.E.D. 


Now suppose that we have lattices L and L’ such that (10.11) holds for some 
constant A. We claim that L’ = AL. To see this, first note that by (10.10), we have 
82(L") = go(AL) and g3(L’) = g3(AL). Then (2n + 1)Gan42(L') = (2n + 1)Grn42(AL) 
for all n > 1 by Lemma 10.12, so that g(z;L’) and (z; AL) have the same Laurent 
expansion about 0. Hence the two functions agree in a neighborhood of the origin, 
which implies that go(z; L’) = ¢(z; AL) everywhere. Since the lattice is the set of poles 
of the go-function, this proves that L’ = AL, and the theorem follows. Q.E.D. 
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Besides the notion of the j-invariant of a lattice, there is another way to think 
about the j-invariant which will be useful when we study modular functions. Given 
a complex number 7 in the upper half plane h = {7 € C : Im(r) > 0}, we get the 
lattice [1, 7], and then the j-function j(r) is defined by 


I(r) = i((1,7)). 


The analytic properties of j(7) play an important role in the theory of complex mul- 
tiplication and will be studied in detail in §11. 


C. Complex Multiplication 


We begin with the simple observation that orders in imaginary quadratic fields give 
rise to a natural class of lattices. Namely, let O be an order in the imaginary quadratic 
field K, and let a be a proper fractional O-ideal. We know from §7 that a = {a, 8] for 
some a, 3 € K (see Exercise 7.8). We can regard K as a subset of C, and since K is 
imaginary quadratic, a and £ are linearly independent over R (see Exercise 10.11). 
Thus a = [a, §] is a lattice in C, and consequently the j-invariant j(a) is defined. 
These complex numbers, often called singular moduli, have some remarkable prop- 
erties which will be explored in §11. For now, we have the more modest goal of 
trying to motivate the idea of complex multiplication. 

In order to simplify our discussion of complex multiplication, we will fix the 
lattice L. As usual, o(z;L) is written ¢(z), and to simplify things further, g2(L) and 
g3(L) will be written g2 and g3. The basic idea of complex multiplication goes back 
to the addition law for the g-function, proved in part (iii) of Theorem 10.1. If we 
specialize to the case z = w, then L’Hospital’s rule gives the following duplication 
formula for the g-function: 


" 2 
(10.13) ¢o(2z) = —2¢(z) +4 (58 ) 


However, the differential equation from Theorem 10.1 implies that 


@! (2)? = 4p(z)° — g2(z) — 83 


gp” (z) = 6@(z)? — (1/2)g2, 


and substituting these expressions into (10.13), we obtain 


7 (12(z)? — g2)? 
§(2z) = —2g(z) + ACRE are CEPA 


Thus £0(2z) is a rational function in ¢(z). More generally, one can show by induc- 
tion that for any positive integer n, ¢(nz) is a rational function in ¢(z) (see Exer- 
cise 10.12). So the natural question to ask is whether there are any other complex 
numbers @ for which ¢(az) is a rational function in g(z). The answer is rather 
surprising: 
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Theorem 10.14. Let L be a lattice, and let ¢(z) be the g-function for L. Then, for a 
number a € C —Z, the following statements are equivalent: 
(i) 90(az) is a rational function in ¢(z). 
(ii) aL CL, 


(iii) There is an order O in an imaginary quadratic field K such that a € O and L 
is homothetic to a proper fractional O-ideal. 


Furthermore, if these conditions are satisfied, then 9(az) can be written in the form 


_ Ae) 
B(p(z)) 


where A(x) and B(x) are relatively prime polynomials such that 


(az) 


deg(A(x)) = deg(B(x)) +1 = [L: aL] = N(a). 


Proof. (i) => (ii). If ¢(az) is a rational function in ¢(z), then there are polynomials 
A(x) and B(x) such that 


(10.15) B(p(z)) (az) = A(@(z)). 
Since ¢o(z) and (az) have double poles at the origin, it follows from (10.15) that 
(10.16) deg(A(x)) = deg(B(x)) +1. 


Now let w € L. Then (10.15) and (10.16) show that (az) has a pole at w, which 
means that g(z) has a pole at aw. Since the poles of ¢(z) are exactly the period 
lattice L, this implies that aw € L, and aL C L follows. 

(ii) > @). If aL CL, it follows that g(az) is meromorphic and has L as:a lattice 
of periods. Furthermore, note that (az) is an even function since ¢(z) is. Then the 
following theorem immediately implies that (az) is a rational function in ¢(z): 


Lemma 10.17. Any even elliptic function for L is a rational function in ¢(z). 
Proof. The proof of this assertion is covered in Exercise 10.13. Q.E.D. 


(ii) = (iii). Suppose that aL Cc L. Replacing L by AL for suitable 4, we can 
assume that L = [1,7] for some r € C—R. Then aL C L means that a = a+br and 
at =c+dr for some integers a, b, c and d. Taking the quotient of the two equations, 


we obtain 
e+ dt 


pie 
at+br’ 
which gives us the quadratic equation 


br? + (a—d)r—c=0. 
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Since 7 is not real, we must have b # 0, and then K = Q(r) is an imaginary quadratic 
field. It follows that 
O={BEK:BLCL} 


is an order of K for which L is a proper fractional O-ideal, and since a is obviously 
in O, we are done. 

(iii) = Gi). This implication is trivial. 

Finally, to prove the last statement of the theorem, suppose that 


(10.18) B= A(g(z)) 


B(e(2)) 


By (10.16), we know that deg(A(x)) = deg(B(x)) + 1, and in Corollary 11.27, we 
will show that N(a) = [L: aL]. It remains to prove that the degree of A(x) is the 
index [L: aL]. 

Fix z € C such that 2z ¢ (1/a)L, and consider the polynomial A(x) — o(az)B(x). 
This polynomial has the same degree as A(x), and z can be chosen so that it has 
distinct roots (see Exercise 10.14). Then consider the lattices L Cc (1/a)L, and let 
{w;} be coset representatives of L in (1/a)L. We claim that 


(10.19) The ¢o(z+ w;) are distinct and give all roots of A(x) — g{az)B(x). 


This will imply deg(A(x)) = [(1/a)L: L] = [L: aL], and the theorem will be proved. 

To prove (10.19), we first show that the g(z+ w;) are distinct. If not, we would 
have g(z+ w;) = o(z+w,;) for some i # j. Then Lemma 10.4 implies that z+ w; = 
+(z+w;) mod L. The plus sign implies w; = w; mod L, which contradicts i # j, and 
the minus sign implies 2z = —w, — w; mod L, which contradicts 2z ¢ (1/a)L. Thus 
the g(z+ w;) are distinct. 

From (10.18), we see that A(o(z+wi)) = e(a(z + w;))B(o(z + w;)). But w; € 
(1/a@)L, so that a(z+ w;) = az mod L, and hence g(a(z+w;)) = e(az). This shows 
that the g(z + w;) are roots of A(x) — ¢(az)B(x). To see that all roots arise this way, 
let uw be another root. Note that B(u) 4 0 since B(u) = 0 implies A(u) = 0, which 
is impossible since A(x) and B(x) are relatively prime. By adapting the argument 
of Lemma 10.4, it is easy to see that u = o(w) for some complex number w (see 
Exercise 10.14). Then 


) Alu) _ A(olw)) _ 
Blu) B(olw)) 


and using Lemma 10.4 again, we see that aw = taz mod L. Changing w to —w 
if necessary (which doesn’t affect u = ¢(w) = o(—w)), we can assume that w = z 
mod (1/a)L. Working modulo L, this means w = z+ w; mod L for some i, and thus 
u = o(w) = o(z+ w;) is one of the known roots. This proves (10.19), and we are 
done with Theorem 10.14. Q.E.D. 


paz p(aw), 


This theorem shows that if an elliptic function has multiplication by some @ € 
C —R, then it has multiplication by an entire order O in an imaginary quadratic 
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field. Notice that all of the elements of O — Z are genuinely complex, i.e., not real. 
This accounts for the name complex multiplication. 

One important consequence of Theorem 10.14 is that complex multiplication is an 
intrinsic property of the lattice. So rather than talk about elliptic functions with com- 
plex multiplication, it makes more sense to talk about lattices with complex multipli- 
cation. Since changing the lattice by a constant multiple doesn’t affect the complex 
multiplications, we will work with homothety classes of lattices. 

Using Theorem 10.14, we can relate homothety classes of lattices and ideal class 
groups of orders as follows. Fix an order O in an imaginary quadratic field, and 
consider those lattices L C C which have O as their full ring of complex multiplica- 
tions. By Theorem 10.14, we can assume that L is a proper fractional O-ideal, and 
conversely, every proper fractional O-ideal is a lattice with O as its ring of complex 
multiplications. Furthermore, two proper fractional O-ideals are homothetic as lat- 
tices if and only if they determine the same class in the ideal class group C(O) (see 
Exercise 10.15). We have thus proved the following: 


Corollary 10.20. Let O be an order in an imaginary quadratic field. Then there is a 
one-to-one correspondence between the ideal class group C(O) and the homothety 
classes of lattices with O as their full ring of complex multiplications. Q.E.D. 


It follows that the class number A(Q) tells us the number of homothety classes of 
lattices having O as their full ring of complex multiplications. 

Here are some examples. First, consider all lattices which have complex multi- 
plication by /—3. This means that we are dealing with an order © containing /—3 
in the field K = Q(/—3). Then © must be either Z[/—3] or Z[w], w = e?7'/3, and 
since both of these have class number 1, the only lattices are [1,/—3] and [1,w]. 
Thus, up to homothety, there are only two lattices with complex multiplication by 
/—3. Next, consider complex multiplication by /—5. Here, K = Q(./—5), and the 
only order containing /—5 is the maximal order Ox = Z[V—5]. The class number is 
h(—20) = 2, and since we know the reduced forms of discriminant —20, the results 
of §7 show that up to homothety, the only lattices with complex multiplication by 
V—5 are [1, /—5] and [2,1 + V/—5] (see Exercise 10.16). 

The discussion so far has concentrated on the elliptic functions and their lattices. 
Since our ultimate goal involves the j-invariant of the lattices, we need to indicate 
how complex multiplication influences the j-invariant. Let’s start with the simplest 
case, complex multiplication by i= //—1. Up to a multiple, the only possible lattice 
is L = [1,i]. To compute j(L) = j(i), note that iL = L, so that by the homogeneity 
(10.11) of g3(L), 


g3(L) = g3(iL) =i °g3(L) = —g3(L). 


This implies that g3(Z) = 0, and then the formula (10.8) for the j-invariant tells 
us that j(i) = 1728. Similarly, one can show that if L = [1,w], w = e?"/3, then 
g2(L) = 0, which tells us that j(w) = 0 (see Exercise 10.17). 

A more interesting example is given by complex multiplication by /—2. By 
the above methods, the only lattice involved is [1, /—2], up to homothety. We will 
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follow the exposition of Stark [97] and show that 


i(W—2) = 8000. 


Since N(./—2) = 2, Theorem 10.14 tells us that 


A(o(2)) 
e(V-22) = Fete) 


where A(x) is quadratic and B(x) is linear. By dividing B(x) into A(x), we can write 
this as 


(10.21) e(V—22z) = ap(z) +b + ———. sae 


where a and c are nonzero complex numbers. To exploit this identity, we will use the 
Laurent expansion of o(z) at z= 0. The differential equation for ¢(z) shows that the 
first few terms of the Laurent expansion are 


~ 1. & eae 83 4 83 
p) = 3+ 39% + 582 a 7 a 
(this follows easily from the proof of Lemma 10.12—see Exercise 10.18). To sim- 
plify this expansion, first note that gz and g3 are nonzero, for otherwise there would 
be complex multiplication by i or w, which can’t happen for L = [1,/—2] (see Ex- 
ercise 10.19). Then, replacing L by a suitable multiple, the homogeneity of g2 and 
g3 allows us to assume that go = 20g and g3 = 28g for some number g (see Exer- 
cise 10.19). With this choice of lattice, the expansion for go(z) can be written 


_! 2 rere er 
P= ser bes tae bes 
z 3 
and it follows that the expansion for go(/—22) is 


(Vv —2z) = — —2e2 +4¢24 - 8 4. +: 
Now the constants a and b appearing in (10.21) are the unique constants such that 
¢o(./—2z) — ap(z) — b is zero when z = 0. Comparing the above expansions for 
e(z) and (./—2z), we see that a = —1/2 and b=0. Then (10.21) tells us the 
remarkable fact that (§o(/—2z) + 3,0(z))~' is a linear polynomial in g(z). Using the 
above expansions, one computes that 


(10.22) (» ae +300) = (Bes Be sy) 
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(see Exercise 10.19). By (10.21), this expression is linear in g(z). Looking at the 
behavior at z = 0, it follows that the bottom line of (10.22) must equal 


2 2 
=3 Ole) ==, 
3499-5 


and then comparing the coefficients of z* implies that 


. . . . Rae 7 
Solving this equation for g yields g = 4, so that 
5-27 
7-27 
83 = 28g=— 


and thus 5 
2 82 3 
i(V—2) = 1728——-=—,, = 8000 = 20°. 
83 — 2783 


By a similar computation, one can also show that 


j (42) = —3375 = (-15)° 


(see Exercise 10.20). In §12 we will explain why these numbers are cubes. 

Besides allowing us to compute j(/—2) and j((1 + /—7)/2), the Laurent series 
of the g-function can be used to give an elementary proof that the j-invariant of a 
lattice with complex multiplication is an algebraic number: 


Theorem 10.23. Let O be an order in an imaginary quadratic field, and let a be a 
proper fractional O-ideal. Then j(a) is an algebraic number of degree at most h(©). 


Proof. By Lemma 10.12, the Laurent expansion of g(z) can be written 


1 fee} 
ePW)=S +} 7 an(g2,83)2", 
n=1 


where each a,(g2,g3) is a polynomial in g2 and g3 with rational coefficients. To 
emphasize the dependence on g and g3, we will write ¢(z) as 9(z; 22,23). 
By assumption, for any a € O, ¢(az) is a rational function in g(z), say 


A(p(z;82, 
(10.24) (az; 82,83) = oe. 


We then have the Laurent expansion 


1 = 2n2n 
(023 82,83) = a5 + Dan 2,83) 0°"2", 


n=1 
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which means that (10.24) can be regarded as an identity in the field C((z)) of for- 
mal meromorphic Laurent series. Recall that C((z)) is the field of fractions of the 
formal power series ring C[{z]], so that an element of C((z)) is a series of the form 
So wap Ont: One C. 

Now let o be any automorphism of C. Then o induces an automorphism of C((z)) 
by acting on the coefficients. Thus, if we apply o to (10.24), we obtain the identity 


(10.25) 9(o(a)z;o(g2),0(g3)) = Se EMITS] 


where A° (x) (resp. B(x)) is the polynomial obtained by applying o to the coeffi- 
cients of A(x) (resp. B(x)). This follows because a,(g2, 93) is a polynomial in g2 
and g3 with rational coefficients. We don’t know much about o(g2) and o(g3), but 
g3 — 279% #0 implies o(g2)? — 27a(g3)* 4 0. In §11, we will prove that this condi- 
tion on o(g2) and o(g3) guarantees that there is a lattice L such that 


g2(L) = o(g2) 
g3(L) = o(g3) 


(see Corollary 11.7). Thus the formal Laurent series ¢(z;o(g2),0(g3)) is the Laurent 
series of the g-function g(z;L), and then (10.25) tells us that g(z;L) has complex 
multiplication by o(a). This holds for any a € QO, so that if O’ is the ring of all 
complex multiplications of L, then we have proved that 


O=0(0)c Oo. 


If we replace o with o—! and interchange a and L, the above argument shows that 
O' c O, which shows that O = ©’ is the ring of all complex multiplications of both 
aand L. 

Now consider j-invariants. The above formulas for g2(L) and g3(L) imply that 


(10.26) j(L) = o(j(a)). 


Since L has © as its ring of complex multiplications, Corollary 10.20 implies that 
there are only h(©) possibilities for j(L). By (10.26), there are thus at most h(O) 
possibilities for 7(j(a)). Since o was an arbitrary automorphism of C, it follows that 
j(a) must be an algebraic number, and in fact the degree of its minimal polynomial 
over Q is at most h(O). This proves the theorem. Q.E.D. 


In §11 we will prove the stronger result that j(a) is an algebraic integer and that 
the degree of its minimal polynomial equals the class number h(O). But we thought 
it worthwhile to show what can be done by elementary means. Furthermore, the 
method of proof used above (the action of an automorphism on the coefficients of a 
Laurent expansion) is similar to some of the arguments to be given in §11. 

For a more classical introduction to complex multiplication, the reader should 
consult the book [9] by Borwein and Borwein. 
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D. Exercises 


10.1. 


10.2. 


10.3. 


10.4. 


10.5. 


10.6. 


10.7. 


10.8. 


This exercise is concerned with the proof of Lemma 10.2. 
(a) If L = [wj,wo] is a lattice, let M = min{|xw; + yw2|: x? +y* = 1}. Show 
that M > 0 and that |xw) + ywo| > My/x? WA for all x,y € R. 


(b) Show that the double integral ff agspsi x? + y’)~"/2 dxdy converges 
when r > 2. 


(c) Show that the series >), ,,(m? +n?)~'/? converges when r > 2. Hint: 
compare the series to the integral in part (b). 


In the proof of Theorem 10.1, we proved that g!(z) = —2 0 ,<,(z-w)7?. 


(a) Show that this series converges absolutely for z ¢ L. 
(b) Using (a), show that ¢’(z+w) = g'(z) forw € L. 


Show that for |x| < 1, (1 a)" 2 = yr (n+ 1)x". Hint: differentiate the 
standard identity (1 —x)~! = 0x". 


Use Lemma 10.3 to show that 
1 9G4(L 
(z= at st ) +156 6(L) + 
4 | Gall 


1 N2 E> = 
g'(z)* = at 2 80G6(L) + -- 


where +--+ indicates terms involving positive powers of z. 


Use Liouville’s Theorem to show that a holomorphic elliptic function f(z) 
must be constant. Hint: consider the function |f(z)| on the parallelogram 
{sw, +tw2:0<s,t < 1}. Exercise 10.6 will be useful. 


Let L = |[w;,wy] be a lattice. For a fixed a € C, consider the parallelogram 
P= {a+su,+tw2:0<s,t < 1}. Show that if z € C, then there is z’ € P 
such that z = 2’ mod L. Note that the parallelogram used in Lemma 10.4 
corresponds to a = dw; + dw2. 


As in the proof of the addition theorem, let 


(a) If 2w ¢ L, complete the argument begun in the text to show that G(—w) 
is defined. 


(b) Prove the addition law when 2w € L. Hint: take a sequence of points w; 
converging to w such that 2w; ¢ L for all i. 


Let 4x° — gox — g3 be a cubic polynomial with roots e;,e2 and e3. 
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10.9. 


10.10. 


10.11. 


10.12. 


10.13. 
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(a) Show that e; +e: +63 = 0, e1é2 + ee3 + e263 = —g2/4 and e;e2€3 = 
93/4. 
(b) Using (a), show that g3 — 27g3 = 16(e, — er)?(e, — e3)*(e2 — 3)”. 


Let L and L’ be lattices such that j(L) = j(L’). If go(L’) = 0 or g3(L’) = 0, 
prove that there is a complex number \ such that (10.11) holds. Hint: by 
Proposition 10.7, they can’t both be zero. 


As in Lemma 10.3, let the Laurent expansion of the g-function about 0 be 
(z) = 2-7 + 0 an 2", where an = (2n+ 1)Grn42 - 


(a) Use the differential equation for the g-function to show that g’(z) = 
6go(z)* — (1/2)ga(L). 
(b) Use (a) to show that for n > 3, 


n—2 


2n(2n — 1)ay = 6(20, + Sai tn-1-1] ; 


i=] 
Let K be an imaginary quadratic field, which we regard as a subfield of C. 


(a) If O is an order in K and a = [a, (] is a proper fractional O-ideal, then 
show that @ and £ are linearly independent over R. Thus a Cc C is a 
lattice. 


(b) Conversely, let L Cc C be a lattice which is contained in K. Show that L 
is a proper fractional O-ideal for some order O of K. 


Let L be a lattice, and let n be a positive integer. 


(a) Prove that (nz) is a rational function in ¢(z). Hint: use the addition law 
and induction on n. For a quicker proof, use Lemma 10.17. 


(b) Adapt the proof of Theorem 10.14 to show that the numerator of the 
rational function of part (a) has degree n* and the denominator has degree 
2 
n° —1. 


In this exercise we will see how to express elliptic functions for a given lattice 
L in terms of go(z) and g'(z). 


(a) Let f(z) be an even elliptic function which is holomorphic on C — L. 
Prove that f(z) is a polynomial in ¢(z). Hint: show that there is a poly- 
nomial A(x) such that the Laurent expansion of f(z) — A(go(z)) has only 
terms of nonnegative degree. Then use Exercise 10.5. 


(b) Let f(z) be an even elliptic function that has a pole of order m at w € C. 
Assume that w ¢ L. Prove that ((z) — o(w))" f(z) is holomorphic at w. 


(c) Show that an even elliptic function f(z) is a rational function in g(z). 
This will prove Lemma 10.17. Hint: write L = [w1,w2], and consider the 
parallelogram P = {sw +tw2:0<s,t <1}. Note that only finitely many 


10.14. 


10.15. 


10.16. 


10.17. 
10.18. 


10.19. 
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poles of f(z) lie in P. Now use part (b) to find a polynomial B(x) such 
that B(g(z)) f(z) is holomorphic on C — L (use Exercise 10.6). Then the 
claim follows easily by part (a). 


(d) Show that all elliptic functions for L are rational functions in ¢(z) and 
g'(z). Hint: 


f(g = £2 +ie2 rs (2) Bey. 


This exercise is concerned with the proof of Theorem 10.14. 


(a) Let A(x) and B(x) be relatively prime polynomials. Prove that there are 
only finitely many complex numbers such that the polynomial A(x) — 
B(x) has a multiple root. Hint: show that every multiple root is a root 
of A(x)B’ (x) — A’(x)B(x). 

(b) Adapt the proof of Lemma 10.4 to show that for any complex number u, 
the equation u = g(w) always has a solution. 


Let a and b be two proper fractional O-ideals, where O is an order in an 
imaginary quadratic field. Prove that a and b determine the same class in the 
ideal class group C(Q) if and only if they are homothetic as lattices in C. 


In this exercise we will study lattices with complex multiplication by a fixed 
complex number a € C —Z. 


(a) Verify that up to a multiple, the only lattices with complex multiplication 
by V—5S are [1, /—5] and [2,1 + /—S]. 

(b) Determine, up to a multiple, all lattices with complex multiplication by 
V—14. Hint: see the example following Theorem 5.25. 


(c) Let K be an imaginary quadratic field of discriminant dx, and let a € 
Ox — Z. Show that up to homothety, the number of lattices given with 
complex multiplication by a is given by 


(Ox:2[a]] 


SS” AC fdr). 


f=! 
Let w = e?™/3, and let L be the lattice [1,w]. Show that g2(L) = j(w) =0. 


Use the proof of Lemma 10.12 to show that in a neighborhood of z = 0, the 
Laurent expansion of the g-function is 


de | (RP oy BS ou 8 6 
9(z) = zt 30° + 592 + 12002 + 


This exercise is concerned with the computation j(./—2) = 8000. 
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(a) If L is a lattice with g2(L) = 0, then prove that L is a multiple of [1,w], 
where w = e?/3, Hint: use Theorem 10.9 and Exercise 10.17. 

(b) Similarly, show that if g3(L) = 0, then L is a multiple of [1, i]. 

(c) If Lisa lattice with g2g3 4 0, then show that there is a nonzero complex 
number A such that for some g € C, \~*g7 = 20g and \~°g3 = 28g. Hint: 
use (10.10). 

(d) Verify the computations made in (10.22). 


10.20. Show that j((1 + /—7)/2) = —3375. 
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In §10 we studied complex multiplication, and we saw that for an order © in an 
imaginary quadratic field, the j-invariant j(a) of a proper fractional O-ideal a is an 
algebraic number. This suggests a strong connection with number theory, and the 
goal of §11 is to unravel this connection by relating j(a) to the ring class field of O 
introduced in §9. The precise statement of this relation is the “First Main Theorem” 
of complex multiplication, which is the main result of this section: 


Theorem 11.1. Let O be an order in an imaginary quadratic field K, and let a be 
a proper fractional O-ideal. Then the j-invariant j(a) is an algebraic integer and 
K(j(a)) is the ring class field of the order O. 


For a fixed order O, we will prove in §13 that the j(a)’s are all conjugate and 
hence are roots of the same irreducible polynomial over Q. This polynomial is called 
the class equation of O and will be studied in detail in §13. 

Of special interest is the case when O = Z[,\/—n]}. Here, Theorem 11.1 implies 
that j(O) = j(,/—n) is an algebraic integer and is a primitive element of the ring 
class field of Z[,/—n]. It is elementary to see that j(./—n) is real (see Exercise 11.1), 
and thus, by Theorem 9.2, the class equation of Z[,/—n] can be used to characterize 
primes of the form p = x? + ny’. 

Before we can prove Theorem 11.1, we need to learn about modular functions 
and the modular equation. The first step is to study the j-function j(7) in detail. 


A. The j-Function 


The j-invariant j(L) of a lattice L was defined in §10 in terms of the constants g2(L) 
and g3(L). Given 7 in the upper half plane h, we get the lattice [1,7], and then the 
j-function j(7) is defined by 

J(r) = i((1,7))- 
We also define g2(7) and g3(7) by 


(7) = anlltir) = 0 


g(r) = ax(ll,7)) = 40 oe, 
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where ets denotes summation over all ordered pairs of integers (m,n) # (0,0). By 
(10.8), it follows that j(7) is given by the formula 


g2(T)? 
A(r)’ 


j(r) = 1728 


where A(T) = g2(7)? —2723(7)?. 
The properties of j(7) are closely related to the action of SL(2,Z) on the upper 
half plane h. This action is defined as follows: if 7 € h and y = (74) € SL(2,Z), 


then 
_at+b 


Pred 
It is easy to check that yr € h (see Exercise 11.2), and we say that yr and 7 are 
SL(2, Z)-equivalent. Then the j-function has the following properties: 


Theorem 11.2. 


(i) j(7) is a holomorphic function on b. 
(ii) If r and 1’ lie in b, then j(r) = j(r’) if and only if r' = yr for some y € 
SL(2,Z). In particular, j(r) is SL(2,Z)-invariant. 
(iii) 7: > C is surjective. 
(iv) Fort €b, j’(r) #0, except in the following cases: 


(a) T= i, y € SL(2,Z), where j’(r) =0, j"(r) #0. 
(b) 7 = yu, w = e?/3, -y € SL(2,Z), where j'(r) = j(r) =0, j’" (7) £0. 


Proof. To prove (i), recall from Proposition 10.7 that A(7) never vanishes. Thus 
it suffices to show that g2(7) and g3(7) are holomorphic. For g2(7), this works as 
follows. By Lemma 10.2, the sum defining g2(r) converges absolutely, but we still 
must show that the convergence is uniform on compact subsets of h. To see this, first 
note that g2(7 + 1) = g(r) (this follows from absolute convergence). Thus it suffices 
to show that convergence is uniform when 7 satisfies |Re(7)| < 1/2 and Im(r) > e, 
where € < 1 is an arbitrary positive number. In this case it is easy to show that 


|m+nr| > 5 Vm +n 


(see Exercise 11.3), and then uniform convergence is immediate. The proof for g3(7) 
is similar, so that g2(7), g3(7), A(7) and j(7) are all holomorphic on b. 
Turning to (ii), we need to recall the following fact from §7: if 7,7’ € b, then 


[1,7] and [1,7’] are homothetic <=> 7’ = yr for some yy € SL(2,Z). 


See (7.8) for the proof (in §7, we assumed that 7 and 7’ lay in an imaginary quadratic 
field, but the proof given for (7.8) holds for arbitrary 7,7’ € h). From Theorem 10.9, 
we also know that 


i(r) = j(7’) <> [1,7] and [1,7’] are homothetic. 
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Combining these two equivalences, (ii) is immediate. 
Before we can prove (iii), we need to compute the limits of g2(7) and g3(7) as 
Im(r) — oc. To study g2(7), write 


; 1 


m= ve mn=— OO 


n#0 


Using the uniform convergence proved in (i), we see that 


co 
1 
unfit, 82(7) = 120) oe 
and then the well known formula )>°°_, 1/m* = 1*/90 (see Serre [88, §VII.4.1]) 
implies that 
4 
lim go(r)==7". 


Im(r)—00 3 


The case of g3(7) is similar. Here, the key formula is }>°°_, 1/m® = 7°/945 (see 
Serre [88, § VII.4.1]), and one obtains 


li == 

ine? = a 
These limits imply that 
; 4, 8 3 

wim,.at0= ($e) -9(3')'=0 


and it follows easily that 


(11.3) lim j(7T)= 


Im(r)—0o 
We will also need the following lemma: 


Lemma 11.4. Every 7 € § is SL(2,Z)-equivalent to a point t’ € h which satisfies 
|Re(r’)| < 1/2 and Im(r’) > 1/2. 


Proof. If Im(r) > 1/2, then there is an integer m such that 7’ = 7 + m satisfies 
|Re(7’)| < 1/2 and Im(7’) > 1/2. Since 7’ = 7 +m = (}")r, we are done in this 
case. 

If Im(7) < 1/2, then by the argument of the previous paragraph, we can assume 
|Re(r)| < 1/2. It follows that |r| < 1/2, so that 


(2) => ame 


T 


Since —1/7 = (} ~4)7, we can more than double the imaginary part of 7 by using an 
element of SL(2,Z). Repeating this process as often as necessary, we must eventu- 
ally obtain a SL(2, Z)-equivalent point 7’ € which satisfies Im(7’) > 1/2. Q.E.D. 
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This lemma is related to the idea of finding a fundamental domain for the action of 
SL(2,Z) on h. We won’t use this concept in the text, but there is an interesting rela- 
tion between fundamental domains and reduced forms (in the sense of Theorem 2.8). : 
See Exercise 11.4 for the details. 

We can now show that the j-function is surjective. Since it’s holomorphic and 
nonconstant, its image is an open subset of C. If we can show that the image is 
closed, surjectivity will follow. So take a sequence of points j(7;.) which converges 
to some w € C. We need to show that w = j(7) for some 7 € h. By Lemma 11.4, we 
can assume that each 7; lies in the region R = {7 € h: [Re(7)| < 1/2, Im(r) > 1/2}. 
If the imaginary parts of the 7;’s were unbounded, then by the limit (11.3), the j(7)’s 
would have a subsequence which converged to oo. This is clearly impossible. But 
once the imaginary parts are bounded, the 7;,’s lie in a compact subset of h. Then 
they have a subsequence converging to some T € h, and it follows by continuity that 
j(T) = w, as desired. 

The proof of (iv) will use the following lemma: 


Lemma 11.5. If 7,7' € 6, then there exist neighborhoods U of r and V of T' such 
that the set {y € SL(2,Z) : y(U) NV FO} is finite. 


Proof. This lemma says that SL(2, Z) acts properly discontinuously on h. The proof 
is given in Exercise 11.5. Q.E.D. 


Corollary 11.6. [fr € b, then 7 has a neighborhood U such that for all 7 € SL(2,Z), 
yU)NU £0 <=> yr=r. 
Proof. See Exercise 11.5. Q.E.D. 


Now suppose that j’(r) = 0. Then 7 has a neighborhood U such that for w suf- 
ficiently close to j(7), there are 7’ # 7” € U such that j(r’) = j(r”) = w. By (ii), 
tT’ =r’ for some y # £1, where J = (}°). Thus y(U)MU #90. By shrinking 
U and using Corollary 11.6, it follows that yr = 7,7 # +/. This is a very strong 
restriction on 7. To see why, let y = (25). Then yr = 7 implies that 


(1,7] = (er +4)[1,7] 


(see the proof of (7.8)), and since y # +/, an easy argument shows that c 4 0 (see 
Exercise 11.6). Thus a = crt +d ¢ Z, so that by Theorem 10.14, the lattice [1,7] has 
complex multiplication by an order O in an imaginary quadratic field. Furthermore, 
a{1,7] = [1,7] implies that a € O*. However, we know that O* = {+1} unless O = 
Ox for K = Q(i) or Q(w), w = e?"'/3 (see Exercise 11.6). Both of these orders have 
class number 1, so that [1,7] is homothetic to either (1, i] or [1,w]. Thus j’(7) =0 
implies that 7 is SL(2, Z)-equivalent to either i or w. 

When 7 is SL(2,Z)-equivalent to i, we may assume that 7 = i, and we need to 
show that j’(i) = 0 and j’’(i) 4 0. To prove the former, note that 


2793(7)? 


J(v) — 1728 = 1728 A(r) 
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In §10 we proved that g3(i) = 0, and j’(i) = 0 follows immediately. Now sup- 
pose that j’(i) = 0. Then i is at least a triple zero of j(7) — 1728, so that for 
w sufficiently near 1728, there are distinct points 7, 7’ and 7” near i such that 
d(r) = f(r’) = j(r”) = w. Then 7’ = y7, 7” = Y2T, where +/, +y, and +7 are all 
distinct elements of SL(2,Z). By Corollary 11.6, i = ‘y2i = i, so that at least 6 ele- 
ments of SL(2,Z) fix i. Since only 4 elements of SL(2,Z) fix i (see Exercise 11.6), 
we see that j”(i) 4 0. The case when 7 = w is similar and is left to the reader (see 
Exercise 11.6). Theorem 11.2 is proved. Q.E.D. 


The surjectivity of the j-function implies the following result used in §10: 


Corollary 11.7. Let > and g3 be arbitrary complex numbers such that g3 — 279% #0. 
Then there is a lattice L such that g2(L) = g2 and g3(L) = g3. 


Proof. Since the j-function is surjective and g3 — 2723 #0, there is 7 € h such that 
3 
. &2 
j(r) = 1728 ——-=——.. 
83 — 2783 


Arguing as in the proof of (10.11), this equation implies that there is a nonzero 
complex number X such that 


82 =X “g0(r7) 
B3= d~%g3(r). 
Using (10.10), it follows that L = A[1,7] is the desired lattice. Q.E.D. 


Since j(7) is invariant under SL(2,Z), we see that 


i+ =i((9 1)7) =a. 


This implies that j(7) is a holomorphic function in g = q(r) = e*”', defined in the 
region 0 < |g| < 1. Consequently j(7) has a Laurent expansion 


oo 
i) = Do eng’ 
n=—oo 


which is called the g-expansion of j(7). The following theorem will be used often in 
what follows: 


Theorem 11.8. The g-expansion of j(r) is 
1 1 2 
i(r)= gt 144 + 196884q ++ = 2 +S oeng’, 
n=0 


where the coefficients Cy are integers for alln > 0. 
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Proof. We will prove this in §12 using the Weber functions and the Weierstrass o- 
function. See Apostol [1, §1.15] or Lang [73, §4.1] for other proofs. Q.E.D. 


This theorem is the reason that the factor 1728 appears in the definition of the 
j-invariant: it’s exactly the factor needed to guarantee that all of the coefficients of 
the g-expansion are integers without any common divisor. 


B. Modular Functions for '9(m) 


One can define modular functions for any subgroup of SL(2,Z), but we will con- 
centrate on the subgroups '9(m) of SL(2,Z), which are defined as follows: if mis a 
positive integer, then 


Ty(m) = {(2 A € SL(2,Z) :c =0 mod mb 


Note that 'o(1) = SL(2, Z). Then a modular function for To(m) is a complex-valued 
function f(7) defined on the upper half plane h, except for isolated singularities, 
which satisfies the following three conditions: 


(i) f(T) is meromorphic on h. 
(ii) f(7) is invariant under To(m). 
(iii) f(7) is meromorphic at the cusps. 


By (ii), we mean that f(y7) = f(r) for all 7 € h andy € T'o(m). To explain (iii), more 
work is needed. Suppose that f(7) satisfies (i) and (ii), and take 7 € SL(2,Z). We 
claim that f(r) has period m. To see this, note that 7 +m = Ur, where U = (}7). 
An easy calculation shows that yU-y—! € T'9(m), and we then obtain 


f(y(t +m)) = f(yUT) = f(WUy'y7) = f(T) 


since f(r) is To(m)-invariant. It follows that if g = g(r) = e?'", then f(77) is a 
holomorphic function in q!/”, defined for 0 < |q!/"| < 1. Thus f(yr) has a Laurent 
expansion 


co 
fiyt) = ye an ge 
n=—CO 
which by abuse of notation we will call the g-expansion of f(y7). Then f(7) is 
meromorphic at the cusps if for all y € SL(2,Z), the g-expansion of f(77) has only 
finitely many nonzero coefficients for negative exponents. 

The basic example of such a function is given by j(7). It is holomorphic on h, 
invariant under SL(2,Z), and Theorem 11.8 implies that it is meromorphic at the 
cusps. Thus j(7) is a modular function for SL(2,Z) = 1o(1). The remarkable fact is 
that modular functions for both SL(2,Z) and ['o(m) are easily described in terms of 
the j-function: 
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Theorem 11.9. Let m be a positive integer. 


(i) j(7) is a modular function for SL(2,Z). Furthermore, every modular function 
for SL(2,Z) is a rational function in j(r). 


(ii) j(7) and j(mr) are modular functions for T9(m). Furthermore, every modular 
function for T9(m) is a rational function of j(r) and j(mr). 


Proof. Note that (i) is a special case of (ii). It is stated separately not only because 
of its independent interest, but also because it’s what we must prove first. 

Before beginning the proof, let’s make a comment about qg-expansions. Our defi- 
nition requires checking the g-expansion of f(yr) for all y € SL(2,Z). Since f(r) is 
T'o(m)-invariant, we actually need only consider the g-expansions of f(y;7), where 
the ;’s are right coset representatives of '9(m) C SL(2,Z). So there are only finitely 
many g-expansions to check. The nicest case is when f(r) is a modular function for 
SL(2,Z), for here we need only consider the g-expansion of f(r). 

We can now prove (i). We’ve seen that j(7) is a modular function for SL(2,Z), 
so we need only show that every modular function f(r) for SL(2,Z) is a rational 
function in j(7). We will begin by studying some special cases. We say that a mod- 
ular function f(7) is holomorphic at oo if its g-expansion involves only nonnegative 
powers of q. 


Lemma 11.10. 


(i) A holomorphic modular function for SL(2,Z) which is holomorphic at oo is 
constant. 


(ii) A holomorphic modular function for SL(2,Z) is a polynomial in j(r). 


Proof. To prove (i), let f(7) be the modular function in question. Since f(7) is holo- 
morphic at oo, we know that f(oo) = limim(;)oo f(T) exists as a complex number. 
We will show that f(§ U {00}) is compact. By the maximum modulus principle, this 
will imply that f(7) is constant. 

Let f(7%) be a sequence of points in the image. We need to find a subsequence 
that converges to a point of the form f(7) for some 7 € h U {oo}. Since f(r) is 
invariant under the action of SL(2,Z), we can assume that the 7;’s lie in the region 
R= {7 €h: |Re(7)| < 1/2, Im(r) > 1/2} (see Lemma 11.4). If the imaginary parts 
of the 7;’s are unbounded, then by the above limit, a subsequence converges to f (00). 
If the imaginary parts are bounded, then the 7;’s lie in a compact subset of }, and the 
desired subsequence is easily found. This proves (i). 

Turning to (ii), let f(7) be a holomorphic modular function for SL(2,Z). Its 
q-expansion has only finitely many terms with negative powers of qg. Since the q- 
expansion of j(7) begins with 1/g, it is easy to find a polynomial A(x) such that 
f(r) —A(j(7)) is holomorphic at 00. Since it is also holomorphic on , it is constant 
by (i). Thus f(7) is a polynomial in j(7), and the lemma is proved. Q.E.D. 


To treat the general case, let f(r) be an arbitrary modular function for SL(2,Z), 
possibly with poles on h. If we can find a polynomial B(x) such that B(j(r)) f(r) is 
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holomorphic on h, then the lemma will imply that f(7) is a rational function in j(7). 
Since f(r) has a meromorphic g-expansion, it follows that f(7) has only finitely 
many poles in the region R = {7 € §: |[Re(r)| < 1/2, Im(r) > 1/2}, and since 
f(r) is SL(2, Z)-invariant, Lemma 11.4 implies that every pole of f(7) is SL(2, Z)- 
equivalent to one in R. It follows that if B(j(r))f(7) has no poles in R, then it is 
holomorphic on b. 

Suppose that f(7) has a pole of order m at 7 € R. Then (j(7) — j(70))"f(r) is 
holomorphic at 79. In this way we can find a polynomial B(x) such that B(j(r)) f(r) 
has no poles in R. By the previous paragraph, we conclude that f(7) is a rational 
function in j(7), which completes the proof of part (i) of Theorem 11.9. 

To prove part (ii), it is trivial to show that j(7) is a modular function for ['o(m). 
As for j(mr), it is certainly holomorphic, and to check its invariance properties, let 
+ = (25) €To(m). Then 


Gas m(at+b)\ _ .f a-mr+bm 
ae we aay c/m-mr+d/)- 
Since -y € P'(m), it follows that +/ = (_7, 7) € SL(2,Z). Thus 


i(myr) = j(y'mr) = j(mr), 


which proves that j(mr) is [o(m)-invariant. 
In order to show that j(m7) is meromorphic at the cusps, we first relate [9(m) to 
the set of matrices 


com) ={ (6 2) :ad =m, a>0,0<b<d, goa(a,b,d) =1}. 


The matrix 09 = ( + € C(m) has two properties of interest: first, o9T = mT, and 
second, 
To(m) = (a9 'SL(2,Z) 09) NSL(2,Z) 


(see Exercise 11.8). Note that these two properties account for the 'o(m)-invariance 
of j(mr) proved above. More generally, we have the following lemma: 


Lemma 11.11. For o € C(m), the set 
(a9 'SL(2,Z)o) NSL(2,Z) 


is a right coset of To(m) in SL(2,Z). This induces a one-to-one correspondence 
between right cosets of '9(m) and elements of C(m). 


Proof. See Exercise 11.8. Q.E.D. 


This lemma implies that [SL(2,Z) : To(m)] = |C(m)|. One can also compute the 
number of elements in C(m); the formula is 


Ic(m)| =m] (14) 


p|m 
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(see Exercise 11.9), and thus the index of C9(m) is SL(2,Z) is mJ],,,,(1 + 1/p). 

We can now compute some q-expansions. Fix y € SL(2,Z), and choose o € C(m) 
so that + lies in the right coset corresponding to o in Lemma 11.11. This means that 
oo7 = yo for some ¥ € SL(2,Z), and hence j(myr) = j(aoyT) = j(yor) = j(oT) 
since j(7) is SL(2, Z)-invariant. Hence 


(11.12) j(myr) = j(oT). 


Let o = (44). We know from Theorem 11.8 that the g-expansion of j(r) is 


1 oe) 
ir) =o + Dena", Cn € Z, 
n=0 


and since or = (ar + b)/d, it follows that 


q(or) = etilart+b)/d eerib/a q’/d. 


2ni/m 


If we set ¢,, =e , we can write this as 


q(or) = Ge(gimy@ 


since ad = m. This gives us the g-expansion 
(11.13) i(myr) = j(or) = Sins + Lac Ca gli® 4 an Cn EZ. 


There are only finitely many negative exponents, which shows that j(m7) is mero- 
morphic at the cusps, and thus j(m7) is a modular function for Po(m). 

The next step is to introduce the modular equation ®,,(X,Y). Let the right cosets 
of To(m) in SL(2,Z) be To(m)+, i= 1,...,|C(m)|. Then consider the polynomial 
in X 

IC(m)| 


®,,(X,7) = Ibe j(myit)). 


We will prove that this expression is a polynomial in X and j(7). To see this, consider 
the coefficients of ®,,(X,7). Being symmetric polynomials in the j(m7y;7)’s, they are 
certainly holomorphic. To check invariance under SL(2, Z), pick 7 € SL(2,Z). Then 
the cosets [o(m)yi7y are a permutation of the '9(m)+;’s, and since j(m7) is invariant 
under ['9(m), the j(m7;,yT)’s are a permutation of the j(my;7T)’s. This shows that 
the coefficients of ®,,(X,7) are invariant under SL(2,Z). 

We next have to show that the coefficients are meromorphic at infinity. Rather 
than expand in powers of q, it suffices to expand in terms of g!/" = e?7'7/" and 
show that only finitely negative exponents appear. 

By (11.12), we know that j(my;r) = j(oT) for some o € C(m), and then (11.13) 
shows that the q-expansion for j(m7;T) has only finitely many negative exponents. 
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Since the coefficients are polynomials in the j(m7;T)’s they clearly are meromorphic 
at the cusps. 

This proves that the coefficients of ®,,(X,7) are holomorphic modular functions, 
and thus, by Lemma 11.10, they are polynomials in j(7). This means that there is a 
polynomial 

®,,(X,Y) € C[X,Y] 


such that 


|C@n)| 


(11.14) &,,(X,i(r)) = [] & — sem). 


i=1 


The equation ®,, (X,Y) = 0 is called the modular equation, and by abuse of terminol- 
ogy we will call ,,(X,¥) the modular equation. Using some simple field theory, it 
can be proved that ©,,(X ,Y) is irreducible as a polynomial in X (see Exercise 11.10). 

By (11.12), each j(m;T) can be written j(o7) for a unique o € C(m). Thus we 
can also express the modular equation in the form 


(11.15) &,(X,i(r))= [] &-J(7)). 


aoEC(m) 
Note that j(m7) is always one of the j(7)’s since (9) € C(m). Hence 


©,,(j(mr), j(T)) = 0, 


which is one of the important properties of the modular equation. Note that the 
degree of ®,,(X,Y) in X is |C(m)|, which we know equals m],,,,(1 + 1/p). 

Now let f(7) be an arbitrary modular function for [o(m). To prove that f(r) is a 
rational function in j(7) and j(m7), consider the function 


IC(n)| 


f(viT) 
G(X,7) = PnlXiT)) 2 = meat) iia) 
(11.16) ci 
a2 fur) |] & - iry7) 
j#i 


This is a polynomial in X, and we claim that its coefficients are modular functions 
for SL(2,Z). The proof is similar to what we did for the modular equation, and the 
details are left to the reader (see Exercise 11.11). But once the coefficients are mod- 
ular functions for SL(2,Z), they are rational functions of j(7) by what we proved 
above. Hence G(X,7) is a polynomial G(X, j(r)) € C(j(7))[X]. 

We can assume that +; is the identity matrix. By the product rule, we obtain 


So" (slr), (7) = [] lene) — jlomayr)). 


JAI 
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Thus, substituting X = j(mr) in (11.16) ce 


G(j(mr), (7) = f(r an ye (lm), j(7))- 


Now 9,,(X, j(7)) is irreducible (see Exercise 11.10) and hence separable, so that 
(0/OX)® cnn): j(v)) #0. Thus we can write 

G(ji(mr), j(T 

(11.17) f(r) = GD 
ox" (mr), i(7)) 

which proves that f(r) is a rational function in j(7) and j(mr), This completes the 
proof of Theorem 11.9. Q.E.D. 


There is a large literature on modular functions, and the reader may wish to con- 
sult Apostol [1], Koblitz [67], Lang [73] or Shimura [90] to learn more about these 
remarkable functions. 


C. The Modular Equation ®,,(X,Y) 


The modular equation, as defined by equations (11.14) or (11.15), will play a cru- 
cial role in what follows. In particular, we will make heavy use of the arithmetic 
properties of ®,,(X,Y), which are given in the following theorem: 


Theorem 11.18. Let m be a positive integer. 
(i) ®, (X,Y) € Z[X,Y]. 
(ii) ®,,(X,Y) is irreducible when regarded as a polynomial in X. 
(iii) ®,,(X,Y) = ®,(¥,X) ifm> 1. 


(iv) Ifm is not a perfect square, then ®,,(X ,X ) is a polynomial of degree > 1 whose 
leading coefficient is +1. 


(v) If mis a prime p, then ®,(X,Y) = (X” —Y)(X —Y°) mod pZ[X,Y]. 


Proof. To prove (i), it suffices to show that an elementary symmetric function f(T) 
in the j(aT)’s, a € C(m), is a polynomial in j(7) with integer coefficients. We begin 
by studying the g-expansion of f(7) in more detail. 

Let ¢,, = e?7/". By (11.13), each j(o7) lies in the field of formal meromorphic 
Laurent series Q(¢,,)((q!/")), and since f(r) is an integer polynomial in the j(o7)’s, 
f(r) also lies in Q(C,,) ((q!/™)). 

We claim that f(r) is contained in the smaller field Q((q'/”)). To see this, we 
will use Galois theory. An automorphism w € Gal(Q(¢,,)/Q) determines an auto- 
morphism of Q(<,,)((q'/”)) by acting on the coefficients. Given = (25) €C(m), 
let’s see how w affects j(o7). We know that w(¢,,) = C* for some integer k relatively 
prime to m, and from (11.13), it follows that 


v(j(or)) = me * Dewan") n 


( 
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since all of the c,’s are integers. Let b’ be the unique integer 0 < b’ < d such that 
b! = bk mod d. Since ad = m, we have ¢%* = ¢ , and consequently the above 
formula can be written 


—ab’ 


W(j(or ))= me Gime + ac Cabin qi/”) an 


If we let o’ = (¢ A ), then o’ € C(m), and (11.13) implies that 


p(i(or)) = j(o'r). 


Thus the elements of Gal(Q(¢,,)/Q) permute the j(o7)’s. Since f(r) is symmetric 
in the j(oT)’s, it follows that f(r) € Q((q!/")). 

We conclude that f(7) € Z((q)) since the g-expansion of f(7) involves only in- 
tegral powers of qg and the coefficients of the g-expansion are algebraic integers. It 
remains to show that f(r) is an integer polynomial in j(7). By Lemma 11.10, we can 
find A(X) € C[X] such that f(r) = A(j(7)). Recall from the proof of Lemma 11.10 
that A(X) was chosen so that the g-expansion of f(7) —A(j(7)) has only terms of 
degree > 0. Since the expansions of f(7) and j(7) have integer coefficients and 
i(r) = 1/q+---, it follows that A(X) € Z[X]. Thus f(r) = A(j(7)) is an integer 
polynomial in j(7), and (i) is proved. 

We should mention that the passage from the coefficients of the g-expansion to 
the coefficients of the polynomial A(X) is a special case of Hasse’s g-expansion 
principle—see Exercise 11.12 for a precise formulation. 

A proof of (ii) is given in Exercise 11.10, and a proof of (iii) may be found in 
Lang [73, §5.2, Theorem 3]. 

Turning to (iv), assume that m is not a square. We want to study the leading term 
of the integer polynomial ®,,(X,X). Replacing X with j(r), it suffices to study the 
coefficient of the most negative power of gq in the q-expansion of ©,,(j(7), j(7)). 
However, given o = (4%) € C(m), (11.13) tells us that 


: _ 3 2 1 =f Gat = 1/myn 
(11.19) i(r)-i(or) = +) od,(q'/") 


for some coefficients d,. Since m is not a perfect square, we know that a # d, i.e., 
a/d #1. Thus the coefficient of the most negative term in (11.19) is a root of unity. 
By (11.15), ®n(j(7), j(7)) is the product of the factors (11.19), so that the coefficient 
of the most negative power of q in ®,,(j(7), j(7)) is also a root of unity. But this 
coefficient is an integer, and thus it must be +1, as claimed. 

Finally, we turn to (v). Here, we are assuming that m = p, where p is prime. Let 
Cp =e"'/P. We will use the following notation: given f(r) and g(r) in Z[C,]((q'/”)) 
and a € Z[¢,,], we will write 


f(r) =a(r) moda 


to indicate that f(r) — g(r) € aZ[¢,]((q'/?)). 
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Since p is prime, the elements of C(p) are easy to write down: 


1 i 4 
a= (5 ay i=0,...,p-1 
0 
al '): 


If0 <i< p—1, then (11.13) tells us that 


1 CO 
in¢_4) = 1 
i(oit) = ray eacigl?)! "= ae t ew /?)" mod 1 —¢,, 
n=0 n=0 
which implies that 
(11.20) J(aiT) = j(oor) mod 1—¢, 


for 0 <i< p—1. Turning to j(o)7), here (11.13) tells us that 


i(opT) = 4+3e gq", 


n=0 


and since c? =c, mod p, it follows easily that 
J(OpT) = j(r)? mod p. 


Since | —¢, divides p in ZI¢,1 (see Exercise 11.13), the above congruence can be 
written 


(11.21) I(T) = j(r)? mod 1 — ¢,. 


Then (11.20) and (11.21) imply that 


#)(X,i(7)) = |] — soir) 


= (X — j(oor))?(X — j(r)?) mod 1~¢, 
X? — j(ooT)”)(X — j(r)?) mod | —¢,, 


where we are now working in the ring Z[¢,] ((q'/?))[X]. However, the argument used 
to prove (11.21) is easily adapted to prove that 


J(v) = j(oor)? mod 1 = Gy 
(see Exercise 11.14), and then we obtain 


p(X, j(7)) = (X? — i(r))(X — j(r)’) mod 1 — ¢,,. 
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The two sides of this congruence lie in Z((q))|X], so that the coefficients of the 
difference are ordinary integers divisible by 1 ~ ¢, in the ring Z\¢,|- This implies 
that all of the coefficients are divisible by p (see Exercise 11.13), and thus 


®,(X, j(r)) = (X? — j(r))(X — j(r)?) mod pZ((q))[X]. 
Then the Hasse g-expansion principle (used in the proof of (i)) shows that 
®,(X,Y) = (X? —Y)(X —Y?) mod pZ[X,Y], 


as desired (see Exercise 11.15). The above congruence was first discovered by Kro- 
necker (in a slightly different context) and is sometimes called Kronecker’s congru- 
ence. This completes the proof of Theorem 11.18. Q.E.D. 


The properties of the modular equation are straightforward consequences of the 
properties of the j-function, which makes the modular equation seem like a reason- 
able object to deal with. This is true as long as one works at the abstract level, but as 
soon as one asks for concrete examples, the situation gets surprisingly complicated. 
For example, when m = 3, Smith [94] showed that 63(X,Y) is the polynomial 


X(X+25 3S) +7 (V 42% 3-5)? 42°. 3? 31 X7¥7 (XY) 
(11.22) — X3y3 —2?.33.9907XY¥(X7 + ¥7) +2-3*- 13-193 -6367X?Y? 
+2'6.35.53.17-263X¥(X +Y) —23!.5°.22973XY. 
The modular equation ®,,(X,Y) has been computed for m = 5, 7 and 11 (see Her- 
mann [53] and Kaltofen and Yui [66]), and in §13 we will discuss the problem of 
computing ©,,(X,Y) for general m. 
Before we can apply the modular equation to complex multiplication, one task 
remains: we need to understand the modular equation in terms of j-invariants of 


lattices. The basic idea is that if L is a lattice, then the roots of ®,,(X, j(L)) = 0 are 
given by the j-invariants of those sublattices L’ c L which satisfy: 


(i) L’ is a sublattice of index m in L, i.e., [L: L'] = m. 
(ii) The quotient L/L’ is a cyclic group. 


In this situation, we say that L’ is a cyclic sublattice of L of index m. Here is the 
precise statement of what we want to prove: 


Theorem 11.23. Let m be a positive integer. If u, v € C, then ®,,(u,v) = 0 if and 
only if there is a lattice L and a cyclic sublattice L' C L of index m such that u = j({L') 
and v = j(L). 


Proof. We will first study the cyclic sublattices of the lattice [1,7], 7 € : 
Lemma 11.24. Let + € h, and consider the lattice [1,7]. 


(i) Given a cyclic sublattice L’ C [1,7] of index m, there is a unique o = (6°) € 
C(m) such that L’ = d{1,o7]. 
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(ii) Conversely, if o = (4%) € C(m), then d{1,o7] is acyclic sublattice of [1,7] of 
index m. 


Proof. First recall that C(m) is the set of matrices 


C(m) = {(32) :ad=m, a>0, 0<b<d, ged(a,b,d) = 1}. 


A sublattice L’ C L = {1,7] can be written L’ = [ar + b,cr +d], and in Exer- 
cise 7.15 we proved that [L : L’] = |ad — bc| = m. Furthermore, a standard argument 
using elementary divisors shows that 


(11.25) L/L’ is cyclic <=> gced(a,b,c,d) =1 


(see, for example, Lang [73, pp. 51-52]). Another proof of (11.25) is given in Exer- 
cise 11.16. 

Now suppose that L’ Cc [1,7] is cyclic of index m. If d is the smallest positive 
integer contained in L’, then it follows easily that L’ is of the form L’ = [d,at + b] 
(see Exercise 11.17). We may assume that a > 0, and then ad = m. However, if k is 
any integer, then 


L' = |d, (at +b) + kd] = [d,ar + (b+kd)}, 


so that by choosing k appropriately, we can assume 0 <b < d. We also have 
gcd(a,b,d) = 1 by (11.25), and thus the matrix ¢ = (44) lies in C(m). Then 


L’ = [d,ar +b] = d[1, (at +b)/d] = [1,07] 


shows that L’ has the desired form. It is straightforward to prove that o € C(m) is 
uniquely determined by L’ (see Exercise 11.17), and (i) is proved. 
The proof of (ii) follows immediately from (11.25), and we are done. Q.E.D. 


By this lemma, the j-invariants of the cyclic sublattices L’ of index m of [1,7] are 
given by 
JL’) = j(all,o7}) = j((L,e7]) = jor). 


By (11.15), it follows that the roots of ®,,(X, j(7)) = 0 are exactly the j-invariants 
of the cyclic sublattices of index m of [1,7]. It is now easy to complete the proof of 
Theorem 11.23 (see Exercise 11.18 for the details). Q.E.D. 


D. Complex Multiplication and Ring Class Fields 


To prove Theorem 11.1, we will apply the modular equation to lattices with complex 
multiplication. The key point is that such lattices have some especially interesting 
cyclic sublattices. To construct these sublattices, we will use the notion of a primitive 
ideal. Given an order O, we say that a proper O-ideal is primitive if it is not of the 
form da where d > | is an integer and a is a proper O-ideal. Then primitive ideals 
give us cyclic sublattices as follows: 
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Lemma 11.26. Let © be an order in an imaginary quadratic field, and let 6 be a 
proper fractional O-ideal. Then, given a proper O-ideal a, ab is a sublattice of b of 
index N(a), and ab is a cyclic sublattice if and only if a is a primitive ideal. 


Proof. Replacing b by a multiple, we can assume that b C O. Then the exact se- 
quence 


0 — b/ab — O/ab — O/b —0 


implies that [b : ab]N(b) = N(ab) = N(a)N(b), and [b : ab] = N(a) follows. 

Now assume that b/ab is not cyclic. By part (a) of Exercise 11.16, it follows that 
b/ab contains a subgroup isomorphic to (Z/dZ)? for some d > 1, so that there is a 
sublattice ab C 6’ C b such that b’/ab ~ (Z/dZ)?. Since b’ is rank 2, this implies 
that ab = db’, and then a = db’b—!. But b’6—! C O since b’ C b, which shows that 
ais not primitive. 

The converse, that a not primitive implies that b/ab not cyclic, is even easier to 
prove, and is left to the reader (see Exercise 11.19). This completes the proof of the 
lemma. Q.E.D. 


When we apply this lemma, a will often be a principal ideal a = aO, a € O. 
In this case, aO is primitive as an ideal if and only if a is primitive as an element 
of O (which means that a is not of the form d8 where d > 1 and G € ©). Since 
N(a) = N(aO) by Lemma 7.14, we get the following corollary of Lemma 11.26: 


Corollary 11.27. Let O and b be as above. Then, given a € O, ab is a sublattice of 
b of index N(a), and ab is a cyclic sublattice if and only if a is primitive. Q.E.D. 


We are now ready to prove Theorem 11.1, the “First Main Theorem” of complex 
multiplication. 


Proof of Theorem 11.1. Let a be a proper fractional O-ideal, where © is an order in 
an imaginary quadratic field K. We must prove that j(a) is an algebraic integer and 
that K(j(a)) is the ring class field of O. We will follow the proof given by Deuring 
in (24, §10]. 

Let’s first use the modular equation to prove that j(a) is an algebraic integer. The 
basic idea is quite simple: let a € O be primitive so that by the above corollary, aa 
is a cyclic sublattice of a of index m = N(a). Then, by Theorem 11.23, we know 
that 


0 = On(j(aa), j(a)) = Om(F(a), j(a)) =0 


since j(aa) = j(a). Thus j(a) is a root of the polynomial ®,,(X,X). Since ®,,(X,Y) 
has integer coefficients (part (i) of Theorem 11.18), this shows that j(a) is an al- 
gebraic number. Furthermore, if we can pick a so that m = N(aq) is not a perfect 
square, then the leading coefficient of ®,,(X,X) is +1 (part (iv) of Theorem 11.18), 
and thus j(a) will be an algebraic integer. So can we find a primitive a € O such 
that N(a) is not a perfect square? We will see below in (11.28) that O has lots of a’s 
such that N(q) is prime. Such an a is certainly primitive of nonsquare norm. For a 
more elementary proof, let f be the conductor of O. By Lemma 7.2, O = (1, fwxl, 
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wx = (dx + Vdx)/2. Then a = fw is primitive in O, and one easily sees that its 
norm N(q) is not a perfect square (see Exercise 11.20). 

Let L denote the ring class field of O. In order to prove L = K(j(a)), we will 
study how integer primes decompose in L and K(j(a)). We will make extensive use 
of the results of §8, especially Proposition 8.20. As usual, f and D will denote the 
conductor and discriminant of O. 

Let’s first study how integer primes behave in the ring class field L. Let S;,q@ be 
the set of primes that split completely in L. We claim that 


(11.28) Sig = {p prime: p = N(q) for some a € O}. 


(As noted above, this shows that there are a’s in O with N(a) prime.) When D = 0 
mod 4, then O = Z[,/—n] for some positive integer n. Thus N(a) = N(x +y/—n) = 
x’ +-ny’, so that (11.28) says, with finitely many exceptions, that the primes splitting 
completely in L are those represented by x* + ny. This was proved in Theorem 9.4. 
The case when D = 1 mod 4 is similar and was covered in Exercise 9.3. Hence we 
have proved (11.28). 

Let M = K(j(a)). Since L is Galois over Q by Lemma 9.3, part (i) of Proposi- 
tion 8.20 shows that M C L is equivalent to 


(11.29) S1/Q C Sy: 


Take p € S;/g, and assume that p is unramified in M (this excludes only finitely 
many p’s). By (11.28), p = N(a) for some a € O. Then aa C ais a sublattice of 
index N(a) = p, and is cyclic since p is prime. Thus 


0 = ,(j(aa), j(a)) = ®p(i(a), (a). 
Using Kronecker’s congruence from part (v) of Theorem 11.18, this implies that 
0= &,(j(a), j(a)) = —(j(a)? — j(a))? + pB 


for some 8 € Oy. Now let $B be any prime of M containing p. The above equation 
then implies that 


(11.30) j(a)? = j{a) mod B. 
We claim the following: 
(i) Ox[j(a)] C Oy has finite index. 
(ii) If pt [Om : Ox[j(a)]], then (11.30) implies that a? = a mod F for all a € Oy. 


The proof of (i) is a direct consequence of M = K(j(a)) and is left to the reader 
(see Exercise 11.21). As for (ii), note that p splits completely in L, so that it splits 
completely in K, and hence p € p C $B for some ideal p of norm p. This implies that 
a? = a mod ¥ holds for all a € Ox, and consequently the congruence holds for all 
a € Ox[j(a)| by (11.30). Then (ii) follows easily (see Exercise 11.21). 
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From (ii) it follows that f3;, = 1, and since this holds for any 8 containing p, we 
see that p splits completely in M. This proves (11.29), and M C L follows. 

The inclusion M = K(j(a)) C L shows that the ring class field L contains the j- 
invariants of all proper fractional O-ideals. Let h = h(O), and let a;, i= 1,...,h be 
class representatives for C(O). It follows that any j(a) equals one of j(a1),..., j(an), 
and furthermore j(a;),...,j(a,) are distinct. Thus 


(11.31) A = [[(i(a) — i(a,)) 


i<j 


is a nonzero element of O;. 

To prove the opposite inclusion L C M, we will use the criterion Si / CS, /Q 
from part (ii) of Proposition 8.20. So let p € Sa /Q, Which means that p is unramified 
in M and fo|, = 1 for some prime ‘8 of M containing p. In particular, this implies 
that p splits completely in K, and thus p = N(p) for some prime ideal of O. Then 
Proposition 7.20 tells us that p = N(pMO) (we can assume that p doesn’t divide 
f—this excludes finitely many primes). If we can show that pM O is a principal 
ideal aO, then p = N(q) implies that p € S;/q by (11.28). We may assume that p 
is relatively prime to the element A of (11.31). 

Let a’ = (pNO)a. Since pNO has norm p, a’ C a is a sublattice of index p by 
Lemma 11.26, and it is cyclic since p is prime. Thus ®,(j(a’), j(a)) = 0. Using 
Kronecker’s congruence again, we can write this as 


O= &)(j(a’), (a) = Gia")? — j(a))((@’) — i(a)?) + pOCI(a’), j()) 


for some polynomial Q(X,Y) € Z[X,Y]. Let $8 be a prime of L containing P. Since 
j(a’) and j(a) are algebraic integers lying in L, the above equation implies that 
pQ(i(o’), j(a)) € PB. Thus 


(11.32) j(a’)? = j(a) mod = or ~——sj(a’) = j(a)? mod FP. 


However, we also know fy|, = 1, which tells us that j(a)? = j(a) mod §f, and since 
3 CP, we obtain 


(11.33) i(a)? = j(a) mod f. 
It is straightforward to show that (11.32) and (11.33) imply 
j(a) = j(a’) mod §. 


If a and a’ lay in distinct ideal classes in C(O), then j(a) — j(a’) would be one of 
the factors of A from (11.31), and p and A would not be relatively prime. This 
contradicts our choice of p, so that a and a’ = (pO©)a must lie in the same ideal 
class in C(O). This forces pO to be a principal ideal, which as we showed above, 
implies that p € S;/g. Thus Sy CS&, /Q, Which completes the proof that L = M. 
Theorem 11.1 is proved. Q.E.D. 
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As an application of Theorem 11.1, let’s see what it tells us about the Abelian 
extensions of an imaginary quadratic field K. First, we know that the Hilbert class 
field of K is the ring class field of the maximal order Ox. Thus we get the following 
corollary of Theorem 11.1: 


Corollary 11.34. If K is an imaginary quadratic field, then K{j(Ox)) is the Hilbert 
class field of K. Q.E.D. 


Besides the Hilbert class field, Theorem 11.1 also allows us to describe other 
Abelian extensions of K. Recall that in Theorem 9.18 we proved that an Abelian 
extension of K is generalized dihedral over Q if and only if it lies in some ring class 
field of K. Combining this with Theorem 11.1, we get the following result: 


Corollary 11.35. Let K be an imaginary quadratic field, and let K C L be a finite 
extension. Then L is an Abelian extension of K which is generalized dihedral over Q 
if and only if there is an order O in K such that L C K(j(O)). Q.E.D. 


To complete our discussion of ring class fields and complex multiplication, we 
need to compute the Artin map of a ring class field using j-invariants. The answer is 
given by the following theorem: 


Theorem 11.36. Let O be an order in an imaginary quadratic field K, and let L be 
the ring class field of O. If a is a proper fractional O-ideal and p is a prime ideal of 
Ox, then 
(AE) i@) = 1670o), 

Proof. For analytic proofs, see Deuring [24, §15], Lang [73, Chapter 12, §3] or 
Cohn [21, §11.2], while algebraic proofs (which use the reduction theory of elliptic 
curves) may be found in Lang [73, Chapter 10, §3] or Shimura [90, §5.4]. We will 
use this theorem (in the guise of Corollary 11.37 below) in §12 when we compute 
some j-invariants, though our discussion of the class equation in §13 will use only 
Theorem 11.1. Q.E.D. 


In terms of the ideal class group, Theorem 11.36 can be stated as follows: 


Corollary 11.37. Let O be an order in an imaginary quadratic field K, and let L be 
the ring class field of O. Given proper fractional O-ideals a and b, define o,(j(6)) 
by the formula 


a(j(b)) = j(ab). 


Then Gq is a well-defined element of Gal(L/K), and a> oq induces an isomorphism 
C(O) —> Gal(L/K). 


Proof. This is a straightforward consequence of Theorem 11.36 and the isomor- 
phisms 


C(O) ~ (0, f)/P(O, f) = I(f)/Px,2(f), 
where f is the conductor of O. See Exercise 11.22 for the details. Q.E.D. 
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The “First Main Theorem” of complex multiplication allowed us to describe some 
of the Abelian extensions of K, namely those which are generalized dihedral over Q. 
The “Second Main Theorem” of complex multiplication answers the question of 
how to describe all Abelian extensions of K. By class field theory, every Abelian 
extension lies in a ray class field for some modulus m of K, so that we need only find 
generators for the ray class fields of K. Rather than work with an arbitrary modulus 
m, we will describe the ray class fields only for moduli of the form NOx, where N is 
a positive integer. It is easy to see that any Abelian extension of K lies in such a ray 
class field (see Exercise 11.23). 

The basic idea is that the ray class field of NOx is obtained by adjoining, first, 
the j-invariant j(L) of some lattice L, and second, some values of the Weierstrass 
y-function evaluated at N-division points of the lattice L, i.e., if L = [a, 8], then we 
use 


(11.38) p( 725" 1) 


for suitable m and n. The observation that (11.38) generates Abelian extensions of K 
goes back to Abel. The problem is that these values aren’t invariant enough: if we 
multiply the lattice by a constant, the j-invariant remains the same, but the values 
(11.38) change. To remedy this problem, we introduce a variant of the Weierstrass 
go-function called the Weber function. Given the lattice L, the Weber function h(z;L) 
is defined by 


2 
Ty e@L? —ifg(L) =0 
A(z;L) = a »(z;L)° if go(L) =0 
aces go(z;L) otherwise, 


where A(L) = g2(L)? — 2793(L)?. It is easy to check that h(Az; AL) = h(z;L) for all 
» € C* (see Exercise 11.24). 

We can now state the “Second Main Theorem” of class field theory, which uses 
singular j-invariants and the Weber function to generate ray class fields: 


Theorem 11.39. Let K be an imaginary quadratic field of discriminant dx, and let 
N be a positive integer. 


(i) K(j(Ox),h(1/N;Ox)) is the ray class field for the modulus NOx. 


(ii) Let O be the order of conductor N in K. Then K(j(O), h(wx;O)), where wx = 
(dx + Vdx)/2, is the ray class field for the modulus NOx. 


Proof. Notice that in each case we obtain the ray class field by adjoining the j- 
invariant of a lattice and the Weber function of one N-division point. The proof of 
(i) may be found in Deuring [24, §26] or Lang [73, §10.3, Corollary to Theorem 7], 
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and the proof of (ii) follows from Satz 1 of Franz [37]. These references also explain 
how to generate the ray class field of an arbitrary modulus m of K. Q.E.D. 


The theory of complex multiplication, even in the one variable case described 
here, is an active area of research. See, for example, the books Elliptic Functions 
and Rings of Integers {15] by Cassou-Nogués and Taylor and Arithmetic on Elliptic 
Curves with Complex Multiplication [45] by Gross. 


E. Exercises 


11.1. This exercise will study j-invariants and complex conjugation. 


(a) Let L be a lattice, and let L denote the lattice obtained by complex con- 
jugation. Prove that g2(Z) = g2(L),g3(L) = g3(L) and j(L) = j(L). 

(b) Let a be a proper fractional O-ideal, where O is an order in an imaginary 
quadratic field. Show that j(a) is a real number if and only if the class 
of a has order < 2 in the ideal class group C(O). Hint: use (a) and 
Theorem 10.9. 


One consequence of (b) is that j(O) is real for any order O. 
11.2. If r € h and y = (45) € SL(2Z), then show that 


nan at+b 
~ ertd 


also lies in h. This shows that SL(2, Z) acts on h. Hint: use (7.9). 


11.3. Let 7 satisfy |Re(r)| < 1/2 and Im(r) > €, where € < 1 is fixed. Our goal is 
to show that for x, y € R, 


tyr] > 5 VP +9. 


If we let rT = a + bi, then the above is equivalent to 
2 
(x+ay)*+b*y? > Se? +y’). 
(a) Show that the inequality is true when |x + ay| > (€/2)|x]. 
(b) When |x + ay| < (€/2)|x|, use |a] < 1/2 and € < 1 to show that |x| < |y]. 
(c) Using (b), show that the inequality is true when |x + ay| < (€/2)|x]. 


11.4. In Lemma 11.4 we showed that every point of h is SL(2,Z)-equivalent to a 
point in the region {7 €  : [Re(7)| < 1/2, Im(r) > 1/2}. In this exercise we 
will study the smaller region 

F = {7 €§: |Re(r)| < 1/2, |r| > 1, and 
Re(r) > 0 if |Re(r)| = 1/2 or |r| = 1}, 
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and we will show that every point of h is SL(2, Z)-equivalent to a unique point 
of F. This is usually expressed by saying that F is a fundamental domain for 
the action of SL(2,Z) on . Our basic tool will be positive definite quadratic 
forms f(x,y) = ax* +bxy+cy*, where we allow a, b and c to be real numbers. 
We say that two such forms f(x,y) and g(x,y) are R+-equivalent if there is 
(22) € SL(2,Z) such that 


f(x,y) = Ag(px+ ay, rx + sy) 
for some \ > 0 in R. We also say that f(x,y) = ax? + bxy + cy’ is reduced if 
a<|b| <c, and b> 0 if a=|d| or |b| =c. 
This is consistent with the definition given in §2. 
(a) Show that Rt-equivalence of positive definite forms is an equivalence 


relation. 


(b) Show that every positive definite form is R*-equivalent to a reduced 
form, and that two reduced forms are R* -equivalent if and only if one is 
a constant multiple of the other. Hint: see the proof of Theorem 2.8. 

(c) Show that every positive definite form f(x,y) = ax* + bxy + cy* can be 
written uniquely as f(x,y) =a|x—y|*, where 7 € h. In this case we say 
that 7 is the root of f(x, y) (this is consistent with the terminology used 
in §7). Furthermore, show that b = 2aRe(r) and c = ar}. 

(d) Show that two positive definite forms are R*-equivalent if and only if 
their roots are SL(2, Z)-equivalent. Hint: see the proof of (7.8). 


(e) Show that a positive definite form is reduced if and only if its root lies in 
the fundamental domain F. 


(f) Conclude that every 7 € § is SL(2, Z)-equivalent to a unique point of F. 
This exercise shows that there is a remarkable relation between reduced forms 
and fundamental domains. Similar considerations led Gauss (unpublished, of 


course) to discover the idea of a fundamental domain in the early 1800s. See 
Cox [23] for more details. 


11.5. In this exercise we will prove Lemma 11.5 and Corollary 11.6. 


(a) Let M and ¢ be positive constants, and define K C h by 
K = {r €h: |Re(r)| < M, € < Im(r) < 1/e}. 


We want to show that the set A(K) = {y € SL(2,Z) : y(K) NK # 9} is 
finite. So take y = (e 5) € A(K), which means that there is 7 € K such 
that 7 € K. If we can bound |al, |b], |c| and |d| in terms of M and e, then 
finiteness will follow. 


(i) Use (7.9) to show that |cr +d] < 1/e. 


222 


§11. MODULAR FUNCTIONS AND RING CLASS FIELDS 


(ii) Use |er + d|? = (cRe(r) +d)? +c7Im(r)* to show that |c| < 1/e? 
and |d| < (e+ M)/e?. 

(iii) Show that y~' € A(K) By (ii), this implies that |a| < (e+ M)/e?. 

(iv) Show that |b| < |cr + d]|yr| + |a||7|. Conclude that |b] is bounded 
in terms of M and «. 

(b) Use (a) to show that if U is a neighborhood of 7 € h such that U C b is 
compact, then {7 € SL(2,Z) : y(U)NU # 9} is finite. This will prove 
Lemma 11.5. 


(c) Prove Corollary 11.6. 


11.6. This exercise is concerned with the proof of part (iv) of Theorem 11.2. 


(a) Suppose that y = (24) € SL(2,Z) and that yr = 7 for some t € h. We 
saw in the text that this implies [1,7] = (cr + d)[1,7]. Prove that c 4 0. 
Hint: show that c = 0 implies 7 = +(}). But such a with m # 0 has 
no fixed points on 6. 

(b) Let © be an order in an imaginary quadratic field such that O* # {+1}. 
Prove that O = Ox for K = Q(i) or Q(w), w = e?*/3. Hint: when O = 
Ox, see Exercise 5.9. See also Lemma 7.2. 

(c) Show that the only elements of SL(2, Z) fixing iare +(}9) and +(_? 4). 
Hint: use (a). 

(d) If w = e?*'/3, show that j’(w) = j”(w) =0 but j’”"(w) 4 0. 


11.7. Let f(7) be a modular function for SL(2, Z). 


(a) If f(7) has a pole of order m at i, then prove that m is even. Hint: write 
S (7) =8(7)/(7 — i)”, where g(7) is holomorphic and nonvanishing at i. 
Note that iis fixed by (_} 4). 


(b) If f(r) has a pole of order m at rT =w, w = e?”/3, then prove that m is 


divisible by 3. Hint: argue as in part (a). Note that w is fixed by (3 aye 


11.8. As in the proof of Theorem 11.9, let 


To(m) = { (< 4 € SL(2,Z) :c = 0 mod m} 


cm) = 4 (4 4) 10d =m, a>0,0<b<d, goa(a,bd)=1}, 


and let a9 = (7°) €C(m). 


(a) Show that To(m) = (a9 'SL(2,Z) a0) NSL(2,Z). 


(b) If o € C(m), then show that (a9 'SL(2,Z)o) NSL(2,Z) is a coset of 
T'o(m) in SL(2,Z). 


11.9. 


11.10. 
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(c) In the construction of part (b), show that different o’s give different 
cosets, and that all cosets of P'9(m) in SL(2, Z) arise in this way. 


Let m be a positive integer, and let Y(m) denote the number of triples (a, b, d) 
of integers which satisfy ad = m, a > 0,0 < b < d and gcd(a,b,d) = 1. Thus 
W(m) = |C(m)|, where C(m) is the set of matrices defined in the previous 
exercise. The goal of this exercise is to prove that 


U(m) =m] (1+4). 


p\|m 


(a) If we fix a positive divisor d of m, then a = m/d is determined. Show 
that the number of possible b’s for this d is given by 


d 


mani 


where ¢ denotes the Euler ¢-function. 


(b) Use the formula of (a) to prove that Y(m) is multiplicative, i.e., that if 
m, and mz are relatively prime, then Y (mm ,m2) = U(m,)U(m). 


(c) Use the formula of (a) to prove that if p is a prime, then 
U(p") = p+. 
(d) Use (b) and (c) to prove the desired formula for U(m). 


In this exercise we will show that ©,,,(X , Y) is irreducible as a polynomial in X 
(which will prove part (i) of Theorem 11.18). Let +; be coset representatives 
for To(m) in SL(2, Z). As we saw in (11.14), we can write 


|C(m)| 
On(X,j(r)) = [] X — sm). 
i=1 


Let F, be the field C(j(r), j(mr)). Since ®,,(X, j(7)) has coefficients in 
C(j(7)) and j(mr) is a root, it follows that [F,: C(j(7))] < Yim) = |C(m)|. 
If we can prove equality, then ®,,(X, j(7)) will be the minimal polynomial of 
j(mr) over C(j(7)), and irreducibility will follow. 


(a) Let ¥ be the field of all meromorphic functions on , which contains F,, 
as a subfield. For -y € SL(2,Z), show that f(r) > f(77) is an embedding 
of ¥,, into F which is the identity on C(j(7)). 


(b) Use (11.13) to show that j(my;r) 4 j(my;T) for i A j. The embeddings 
constructed in (a) are thus distinct, which shows that [F,, : C(j(r))] > 
W(m). This proves the desired equality. 
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Show that the coefficients of G(X, 7) (as defined in (11.16)) are modular func- 
tions for SL(2,Z). Hint: argue as in the case of the modular function. You 
will use the fact that f(7;7) has a meromorphic g-expansion. 


Let A C C be an additive subgroup, and let f(7) be a holomorphic modular 
function. Suppose that its g-expansion is 


f(t) = 1 ang”, 


n=—M 
and that a, € A for all n < 0. Then prove the Hasse g-expansion principle, 
which states that f(r) is a polynomial in j(7) with coefficients in A. Hint: 
since the q-expansion of j(7) has integer coefficients and begins with 1/q, 
the polynomial A(x) used in part (ii) of Lemma 11.10 must have coefficients 
in A. 
Let p be a prime, and let ¢, = e?"*/?. 


(a) Prove that p = (1—¢,)(1—¢?)---(1—¢P7'). Hint: use the factorization 
of xP! txt 1. 
(b) Given a € Z[¢,], define the norm Nox<,) /q@(@) to be the number 


Nego%= TL oa). 
o€Gal(Q(¢,)/Q) 


For simplicity, we will write N(a) instead of Nac) /Q(@). Prove that 
N(q) is an integer, and show that N(a@f) = N(a)N(8) and N(1 —¢,) = p. 

(c) If an integer a can be written a = (1 —¢,,)a where a € Z[¢,], then use 
(b) to prove that a is divisible by p. 


Adapt the proof of (11.21) to show that j(7) = j(a07)? mod p. 


Let f(X,¥) € Z[X,Y] be a polynomial such that f(X, j(7)) € pZ((q))|X]. 
Prove that f(X,Y) € pZ[X,Y]. Hint: apply the g-expansion principle (Exer- 
cise 11.12) to the coefficients of X. 


Let M = Z’, and let A be a 2 x 2 integer matrix with det(A) 4 0. We know 
by Exercise 7.15 that M/AM is a finite group of order |det(A)|. The object of 
this exercise is to prove that M/AM is cyclic if and only if the entries of A are 
relatively prime. 


(a) Let G be a finite Abelian group. Prove that G is not cyclic if and only 
if G contains a subgroup isomorphic to (Z/dZ)* for some integer d > 1. 
Hint: use the structure theorem for finite Abelian groups. 


(b) Assume that the entries of A have a common divisor d > 1, and prove 
that M/AM is not cyclic. Hint: write A = dA’, where A’ is an integer 
matrix, and note that A’M/dA'M Cc M/AM. Then use (a). 


11.17. 


11.18. 


11.19, 


11.20. 


11.21. 
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(c) Finally, assume that M/AM is not cyclic, and prove that the entries of 
A have a common divisor d > 1. Hint: by (a), there is AM C M’ CM 
such that M’/AM ~ (Z/dZ)* for some d > 1. Prove that AM = dM’, and 
conclude that d divides the entries of A. 


This exercise is concerned with the proof of Lemma 11.24. 


(a) Let L’ be a sublattice of [1,7] of finite index, and let d be the smallest 
positive integer in L’. Then prove that L’ = [d,ar + b] for some integers 
a and b. 


(b) Let 7 € bh and let C(m) be the set of matrices defined in the text. Given 
a, 0’ € C(m) such that d[1,07] = d'[1,o’7], prove that 0 =o’. 


In the text, we proved that for 7 € h, the roots of ®,,(X, j(7)) = 0 are the 
j-invariants of the cyclic sublattices of index m of [1,7]. Use this fact and the 
surjectivity of the j-function to prove Theorem 11.23. 


Let O be an order, and let b be a proper fractional O-ideal. If a is a proper 
O-ideal which is not primitive, then prove that b/ab is not cyclic. Hint: use 
part (a) of Exercise 11.16. 


Let O be an order in an imaginary quadratic field K of conductor f. Letting 
wx = (dx + Vdk)/2, we proved in Lemma 7.2 that O = [1, f wx]. Prove that 
a = f wx is a primitive element of O whose norm is not a perfect square. 


Let K C L be an extension of number fields, and let a € O, satisfy L = K(a). 


(a) Prove that Ox[a] has finite index in O,. Hint: By Theorem 5.3, we know 
that O; is a free Z-module of rank [L : Q]. Then show that Ox [a] has the 
same rank. 


(b) Let $8 be a prime ideal of O,, and suppose that N(8) = p’, where p 
is relatively prime to [O, : Ox[a]]. If 6? = 8 mod ¥ holds for all 6 € 
Ox(a], then show that the same congruence holds for all 6 € O,. Hint: 
if N = [Oz : Ox[a]], then multiplication by N induces an isomorphism of 
O,/®. 


Complete the proof of Corollary 11.37. 
Let K be an imaginary quadratic field, and let L be an Abelian extension of 


K. Prove that there is a positive integer N such that L is contained in the ray 
class field for the modulus NOx. 


. If Lis a lattice and h(z;L) is the Weber function defined in the text, then prove 


that A(Az; AL) = h(z;L) for any \ € C*. 


226 = §12. MODULAR FUNCTIONS AND SINGULAR j-INVARIANTS 


§12. MODULAR FUNCTIONS AND SINGULAR j-INVARIANTS 


The j-invariant j(L) of a lattice with complex multiplication is often called a sin- 
gular j-invariant or singular modulus. In §11 we learned about the fields generated 
by singular moduli, and in this section we will compute some of these remarkable 
numbers. One of our main tools will be the function y2(7), which is defined by 


y(t) = Vi(7). 


We will show that y2(37) is a modular function for [9(9), and we will use 72(T) 
to generate ring class fields for orders of discriminant not divisible by 3. This will 
explain why the j-invariants computed in §10 were perfect cubes. 

We will then give a careful treatment of some of the results contained in Volume 
III of Weber’s monumental Lehrbuch der Algebra [102]. There is a wealth of ma- 
terial in this book, far more than we could ever cover here. We will concentrate on 
some applications of the Dedekind 7-function 7(7) and the three Weber functions 
f(r), fi(r) and f2(7). These functions are closely related to y2(r) and j(7) and 
make it easy to compute the j-invariants of most orders of class number 1. The We- 
ber functions also give some interesting modular functions, which will enable us to 
compute that 

3 
(12.1) i(V—14) = 23 (323 +228V2 + (231 + 161V2)\/2V2— 1) 
At the end of the section, we will present Heegner’s proof of the Baker-Heegner— 
Stark Theorem on imaginary quadratic fields of class number 1. 


A. The Cube Root of the j-Function 


Our first task is to study the cube root 72(7) of the j-function. Recall from §11 that 
j(7) can be written as the quotient 


g2(T lz 
A(r) 


j(r) = 1728 


The function A(r) is nonvanishing and holomorphic on the simply connected do- 
main h, and hence has a holomorphic cube root ¥/A(r). Since A(r) is real-valued 
on the imaginary axis (see Exercise 12.1), we can choose y/A(r) with the same 
property. Using this cube root, we define 


82(T) 


Since g(r) is also real on the imaginary axis (see Exercise 12.1), it follows that 

y2(T) is the unique cube root of j(7) which is real-valued on the imaginary axis. 
For us, the main property of (7) is that it can be used to generate all ring class 

fields of orders of discriminant not divisible by 3. Note that 7 needs to be chosen 


y2(r) = 12 
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carefully, for replacing r by 7 +1 doesn’t affect j(7), but we will see below that 
42(7 +1) = G !y2(r), where ¢, = e?*/3. The necessity to normalize 7 leads to the 
following theorem: 


Theorem 12.2. Let O be an order of discriminant D in an imaginary quadratic field 
K, Assume that 3 { D, and write O = (1,70, where 


Vv-—m D=—4m=0 mod 4 


3+ /-—m 
2 


m= 
D=—-m=1 mod 4. 


Then y2(T0) is an algebraic integer and K(y2(7)) is the ring class field of O. Fur- 
thermore, Q(y2(70)) = Q(i(7)). 


Let’s first see how this theorem relates to the j-invariants computed in §10. When 
O has class number one, we know that j(©) is an integer, so that by Theorem 12.2. 
y2(T) is also an integer when 3 { D. This explains why 


i = 12° 
i(V—2) = 20° 


(22) 


are all perfect cubes. (In the last case, note that j((1 + /—7)/2) = j((3+V—7)/2), 
so that Theorem 12.2 does apply.) 


Proof of Theorem 12.2. By Theorem 11.1, we know that K(j(70)) is the ring class 
field of O = [1,79]. Thus, to prove Theorem 12.2, it suffices to prove that 


Q(72(70)) = Q(J(70)) 


whenever 3 { D. The first proof of this theorem was due to Weber [102, §125], and 
modern proofs have been given by Birch [7] and Schertz [87]. Our presentation is 
based on [87]. 

The first step of the proof is to show that y2(37) is a modular function. 


Proposition 12.3. -y2(37) is a modular function for the group T0(9). 


Proof. We first study how -y2(r) transforms under elements of SL(2,Z). We claim 
that 
y2(-1/7) = y2(7) 


(12.4) 
y(t +1) = 65 2(7), 
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where ¢, = e?"'/3_ The first line of (12.4) is easy to prove, for y2(—1/7) is a cube 
root of j(—1/7) = j(r). But —1/7 lies on the imaginary axis whenever 7 does, so 
that +2(—1/7) is a cube root of j(7) which is real on the imaginary axis. By the 
definition of y2(7), this implies 72(—1/7) = y2(r). 

To prove the second line of (12.4), consider the g-expansion of 72(7). We know 
that 


CO 
H(t) =a"! +d eng" = 47 'h(q); 
n=0 


where h(q) is holomorphic for |g| < 1 and h(0) = 1. We can therefore write h(q) = 
u(q)*, where u(q) is holomorphic and u(0) = 1. Note also that u(q) has rational 
coefficients since h(q) does (see Exercise 12.2). Then q~!/3u(q) is a cube root of 
J(r) which is real-valued on the imaginary axis, and it follows that 


(12.5) no(7) = q7"3u(q) =47¥3(1+ > ona"), b, €Q. 
n=0 


It is now trivial to see that y2(7 + 1) = G 'y2(7) and (12.4) is proved. 
We next claim that if (4%) € SL(2,Z), then 


at+b a! ac—ab+a’cd—cd 
(12.6) ” (<4) =¢ 2(). 


To see this, first note that (12.6) holds for S = (7 ~4) and T = (}{) by (12.4). It 
is well-known that these two matrices generate SL(2,Z) (see Serre [88, §VII.1] or 
Exercise 12.3). Then (12.6) follows by induction on the length of (25) as a word in 
S and T (see Exercise 12.5). 

Given (12.6), it follows easily that -y2(7) is invariant under the group of matrices 


ra)={(° A) :b=c=0mod 3}. 


This group is related to [9(9) by the identity 


r= (19 H)te(s 4). 


and a simple computation then shows that 2(37) is invariant under ['9(9) (see Exer- 
cise 12.5). The group ['(3) is not the largest subgroup of SL(2, Z) fixing (7), but 
it’s the one that relates most easily to the T'9(m)’s (see Exercise 12.5). 

To finish the proof that ~2(37) is a modular function for Po(9), we need to check 
its behavior at the cusps. Let y € SL(2,Z). By Theorem 11.9, j(37) is a modular 
function for (3), so that j(377) has a meromorphic expansion in powers of q!/3. 
Taking cube roots, this implies that 72(3-yr) has a meromorphic expansion in powers 
of q'/°, which proves that (37) is meromorphic at the cusps. This proves the 
proposition. Q.E.D. 
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Once we know that (37) is a modular function for ['9(9), Theorem 11.9 tells us 
that it is a rational function in j(7) and j(97). The following proposition will give 
us information about the coefficients of this rational function: 


Proposition 12.7. Let f(7) be a modular function for T'9(m) whose q-expansion has 
rational coefficients. Then: 


(i) f(r) € Q(z), i(mr)). 
(ii) Assume in addition that f (1) is holomorphic on b, and let 7 € b. If 


F2M (j(mr)si(70)) £0, 
then f(t) € Q(i(7), j(m70)). 


Remark. Note that the hypothesis of (i) involves only the expansion of f(7) in pow- 
ers of g'/™. For general 7 € SL(2,Z), the expansion of f(yr) need not have coeffi- 
cients in Q. 


Proof. To prove (i), we will use the representation 
G(j(mr), j(7)) 
(12.8) See a 
FO Fan ( ann), 7) 


given by (11.17). Since the denominator clearly lies in Q(j(r), j(m7)) (part (i) of 
Theorem 11.18), it suffices to show that the same holds for the numerator. We know 
that G(j(mr), j(T)) lies in C(j(r))|j(m7)], so that 


P(i(mr), i(7)) 
Q(i(r))  ' 


where P(X, Y) and Q(Y) # 0 are polynomials with complex coefficients. Let’s write 
these polynomials as 


G(i(mr), j(7)) = 


P(X,Y) = Sax! y* 


i=0 k=0 
L 
Q(Y) =Soby'. 
1=0 
Then (12.8) implies that 


P(j(mr), j(7)) = frye dlr), (7) QU(7)), 


which we can write as 


Soo ain j(mr)i(r)* = frye x mr) di(r)) (Saute y). 


i=0 k=0 
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Substituting in the g-expansions of f(r), j(7) and j(mr) and equating coefficients 
of powers of g!/”, we get an infinite system of homogeneous linear equations with 
the aj,’s and b;’s as unknowns. The q-expansions of f(7), j(7) and j(mr) all have 
coefficients in Q, and the coefficients of (0/OX)®,,(X , Y) are also rational. Thus the 
coefficients of our system of equations all lie in Q. This system has a solution over 
C which is nontrivial in the b;’s (since Q(j(r)) 40), and hence must have a solution 
over Q also nontrivial in the b;’s. This proves that P(X,Y) and Q(Y) # 0 can be 
chosen to have rational coefficients, which proves part (i). 

To prove (ii), let’s go back to the definition of G(X, j(r)) given in (11.16). Since 
f(r) is holomorphic on 5, the coefficients of G(X, j(7)) are also holomorphic on §. 
As we saw in Lemma 11.10, this means that the coefficients are polynomials in j(r). 
Thus, in the representation of f(7) given by (12.8), the numerator G(j(mr), j(7)) is 
a polynomial in j(mr) and j(7). By a slight modification of the argument for part 
(i), we can assume that it has rational coefficients (see Exercise 12.6). Consequently, 
whenever the denominator doesn’t vanish at 7), we can evaluate this expression at 
T = 7 to conclude that f(7) lies in Q(j(7), j(m70)). Q.E.D. 


We want to apply this proposition to (79), where 79 is given in the statement 
of Theorem 12.2. By (12.5), we see that the g-expansion of y2(37) has rational 
coefficients. Since it is a modular function for '9(9), Proposition 12.7 tells us that 


y2(37) € Q(T), J(97)). 


Since we’re concerned about y2(79), we need to evaluate the above expression at 
7 = 79/3. We will for the moment assume that ‘ 


OPo |. ; 
(12.9) By (i370), (7/3) # 0. 
Since 7y2(37) is holomorphic, the second part of Proposition 12.7 then implies that 
42(70) € QU(70/3), j(370)), which we can write as 


(12.10) yo(To) € QCA, 70/3]), (M1, 370])). 


To see what this says about 7y2(70), recall that O = [1,79]. Then O’ = [1,379] is the 
order of index 3 in O, and the special form of 79 implies that [1,79/3] is a proper 
fractional O’-ideal (this follows from Lemma 7.5 and 3{D—see Exercise 12.7). 
Thus, by Theorem 11.1, both j(7)/3) and j(379) generate the ring class field L’ of 
the order O’. Consequently, (12.10) implies that -y2(79) lies in the ring class field L’. 

Let L denote the ring class field of O, so that L Cc L’. To compute the degree 
of this extension, recall that the class number is the degree of the ring class field 
over K. Since the discriminant of O is D, this means that [L’ : L] = h(9D)/h(D). 
Corollary 7.28 implies that 


h(9D) = oF (1 (3) 3): 


A. THE CUBE ROOT OF THE j-FUNCTION 231 


and since 3 { D, we see that L C L’ is an extension of degree 2 or 4. Now consider 
the following diagram of fields: 


QUi(m)) cL 
a n 


Q(y2(7)) CL’. 


We know that L has degree 2 over Q(j(70)), and by the above computation, L’ has 
degree 2 or 4 over L. It follows that the degree of Q(72(70)) over Q(j(7)) is a 
power of 2. But recall that (70) is the real cube root of j(79), which means that 
the extension Q(j(7)) C Q(72(70)) has degree 1 or 3. Hence this degree must be 1, 
which proves that Q(j(70)) = Q(72(70)). 

We are not quite done with the theorem, for we still have to verify that (12.9) is 


satisfied, i.e., that ad 
Bx Br): 4(70/3)) #0. 


For later purposes, we will prove the following general lemma: 


Lemma 12.11. Let O be an order in an imaginary quadratic field, and assume that 
O* = {+1}. Write O = [1,a], and assume that for some integer s, s | T(a) and 
ged(s*,N(a)) is squarefree, where T(a.) and N(q) are the trace and norm of a. 
Then for any positive integer m, 


Fe" (i(ma/s), i(a/s)) £0. 


Proof. Since ®,,(j(ma/s), j(a@/s)) = 0, the nonvanishing of the partial derivative 
means that j(ma/s) is not a multiple root of the polynomial 


@n(X,i(a/s))= J] (X-s(ea/s)). 
aEC(m) 

Thus we must show that 

5 : m 0 

j(ma/s) # j(oa/s), a€C(m), of#o= ¢ a3 
So pick o = (45) €C(m), o # a0, and assume that j(ma/s) = j(oa/s). In terms 
of lattices, this means that there is a complex number \ such that 
(12.12) A[1,ma/s] = [d,aa/s + }. 


We will show that this leads to a contradiction when O* = {+1}. 

The idea is to prove that \ is a unit of O. To see this, note that by Lemma 11.24, 
both [1,ma/s] and [d,aa/s +b] have index m in [1,a/s], so that A must have norm 
1. Furthermore, we have 


SA € s{d,aa/s +b] = [sd,aa + sb] Cc {s, a]. 
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Writing s\ = us+ va, u, v € Z, and taking norms, we obtain 
x? =s’N(A) = N(us+va) = us? + usvT (a) + v°N(a). 


Since s | T(a), it follows that s* | v-N(q), and since gced(s*,N(a)) is squarefree, 
we must have s | v. This shows that A € [1,a] = O, so that is a unit since it has 
norm 1. Then O* = {+1} implies that \ = +1, and hence [1, ma/s] = [d,aa/s+b], 
which contradicts o 4 oo by the uniqueness part of Lemma 11.24. The lemma is 
proved. Q.E.D. 


We want to apply this lemma to the case s = 3, m = 9 and a = 79. Using the special 
form of 79, it is easy to see that the norm and trace conditions are satisfied (note that 
the discriminant of O = [1,79] is D = T(1))* —4N(7»)). Thus (12.9) holds except 
possibly when © is Z[i] or Z[¢,]. The latter can’t occur since 3 doesn’t divide the 
discriminant, and when O = Ziij, a simple argument shows that (12.12) is impossible 
(see Exercise 12.8). This completes the proof of Theorem 12.2. Q.E.D. 


This theorem tells us about the behavior of 72(7)) when 3 doesn’t divide the dis- 
criminant D. For completeness, let’s record what happens when D is a multiple of 3 
(see Schertz [87] for a proof): 


Theorem 12.13. Let O be an order of discriminant D in an imaginary quadratic 
field K. Assume 3 | D and D < —3 and write O = [1,70], where 


Vv—m D=—4m=0 mod 4 
T= Ye 
yo D=-~m=1 mod 4. 


Then K(7y2(70)) is the ring class field of the order O' = [1,379] and is an extension of 
degree 3 of the ring class field of O. Furthermore, Q(y2(70)) = Q(j(37)). Q.E.D. 


Besides the cube root y2(7) of j(7), there is also an interesting square root to 
consider. This follows because 


since A(T) = g2(T)*? — 27g3(7)?. Hence we can define 
a3(t) = V/j(t) — 1728 = 216 Wat 
T 


Similar to Theorems 12.2 and 12.13, 7 can be chosen so that y3(7)) generates a field 
closely related to the ring class field of O = [1,79]. See Schertz [A19, Theorem 3]. 


B. The Weber Functions 


To work effectively with y2(7), we need good formulas for computing it. This leads 
us to our next topic, the Dedekind 7-function 7(7) and the three Weber functions 
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f(r), fi(r) and f2(r). If r © h, we let q = e?""7 as usual, and then the Dedekind 
7-function is defined by the formula 


nio)=a'™T]a-4" 


Note that this product converges (and is nonzero) for 7 € since 0 < |g| < 1. 
We then define the Weber functions f(r), f,(7) and f2(7) in terms of the 7-function 
as follows: 


n((r +1)/2) 
fo=c.. ee oe 
(12.14) fi(r) = nee 
_ 027) 
fo(T) = v2 n(r) ’ 


where C4, = e?"!/48, From these definitions, one gets the following product expan- 
sions for the Weber functions: 


f(r) = ov*Tya +q0?) 


n=1 


(12.15) =o Ta qo) 


fo(r) = Vig TT +q") 


n=1 


(see Exercise 12.9), and we also get the following useful identities connecting the 
Weber functions: 


f(r) fi(r) fo(r) = v2 


(12.16) 
fi(2r) f(r) = V2 


(see Exercise 12.9). 
Much deeper lie the following relations between 7(7), f(7), fi(7) and f2(7) and 
the previously defined functions j(7), y2(7) and A(r): 


Theorem 12.17. [fr € h, then A(r) = (27)!2n(7)*4 and 
oe f(r)4#—16  fi(r)*+16 — fo(r)4+16 
ol Co | Co E71 


Remark. Since j(r) = y2(7)°, this theorem gives us some remarkable formulas for 
computing the j-function. 
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Proof. We need to relate 7(7) and the Weber functions to the Weierstrass ¢o-function. 
Let (z) = e(z;7) denote the g-function for the lattice [1,7], and set 


e:=(7/2), e= (1/2),  e3 = @((7 +1)/2). 
We will prove the following formulas for the differences e; — e;: 
en —e, = 1° 7(T)* f(r)? 
(12.18) e2—€3 = 1° n(T)*fi (7)? 
€3 —e) = 1° n(T)* fo(7)?. 


The basic strategy of the proof is to express e; — e; in terms of the Weierstrass o- 
function, and then use the product expansion of the o-function to get product expan- 
sions for e; — e;. Proofs will appear in the exercises. 

The Weierstrass o-function is defined as follows. Let 7 € h, and let L be the lattice 
[1,7]. Then the Weierstrass o-function is the product 


se — 2) ox/w+(1/2)(z/w)? 
o(z;T) =z I] ¢ =) e . 
weEL—{0} 


Note that o(z;7) is an odd function in z. We will usually write o(z;7) more simply 
as o(z). The o-function is not periodic, but there are complex numbers 7 and 7, 
depending only on T, such that 


a(z+7) = —e™@+7/2) g(z) 
o(z+1)= —e™l2t1/2) gz), 


and the numbers 7, and 7 satisfy the Legendre relation 727 — | = 277i (see Exer- 
cise 12.10). The o-function is related to the g-function by the formula 


_  a(z+w)a(z—w) 
p(z) — p(w) = Feo) 


whenever z and w do not lie in L (see Exercise 12.11). Since e) = o(7/2), e2 = 
p(1/2) and e3 = g((7 + 1)/2), it follows easily that 


e2—e) = 


2-63 = —em(t+!)/2 


1 
“(3) 
RO ic 2), eee le 
1 
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(see Exercise 12.12). 
There is also the following g-product expansion for the o-function: 


Is 12 Ty (= 9342) (1 — 4/42) 
o(z;7) = 5—e™ ql? _¢ 2yTT a [4 ? 


n=1 


where g, = e*"'7 and q, = e?7® (see Exercise 12.13). Using this product expansion, 
we obtain the formulas 


1 om/8 fo(r)? 


Q 
ss 
NI 
NE 
II 


2n (TP 
i 2 
= | omt?/8 1/8 fi (rT) 
@ ( 5) ja q n(r)2 
o is) = J em(r+1)/8g-1/8 f(r)? 
2 Qn n(t)? 


(see Exercise 12.14). It is now straightforward to derive the desired formulas (12.18) 
for e; — e; (see Exercise 12.14). 

To relate this to A(r), recall that A(r) = 16(e2 — e;)*(e2 — e3)?(e3 — e1)? by 
(10.6). Using (12.18), it is now easy to express A(T) in terms of the 7-function: 


A(r) = 16(62~e1)*(e2—¢3)*(es — 1) 
= 16m"? n(7)* (7)! fir)! fole) 
= (2m)? n(r)™, 


where the last line follows by (12.16). 
Turning to (7), we know that 


malt) = VI = eS, 


where the cube root is chosen to be real-valued on the imaginary axis. Using what 
we just proved about A(r), this formula can be written 


3g2(T 
y2(T) = ea 


since 7(7) is real valued on the imaginary axis. Thus, to express y2(7) in terms of 
Weber functions, we need to express g2(T) in terms of n(7), f(r), f1(7) and fo(7). 
The idea is to write g2(7) in terms of the e;—e;’s. Recall from the proof of 
Proposition 10.7 that the e;’s are the roots of 4x° — g2(r)x — g3(rT), which implies that 
g2(T) = —4(e1e2 + e1€3 + €2€3) (see Exercise 10.8). Then, using e) + e2 + e3 = 0, 
one obtains 
3g2(7) = 4((e2 — 1)” — (er —€3)(€3 — €1)) 
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(see Exercise 12.15). Substituting in the formulas from (12.18) yields 


3go(r) = 41 (7) (F(r)'® — fi(r)8 fa(7)8), 


so that 


42(7) a ee 


16. 
= = f(r ) aa 
_ f(r)*4 — 16 
Fares 


where we have again used the basic identity (12.16). The other two formulas for 
y2(T) are proved similarly and are left to the reader (see Exercise 12.15). This com- 
pletes the proof of the theorem. Q.E.D. 


Using these formulas it is easy to show that the g-expansions of 72(7) and j(T) 
have integer coefficients (see Exercise 2.16), and this proves Theorem 11.8. We can 
also use Theorem 12.17 to study the transformation properties of (7), f(T), f1(7) 
and f2(r): 


Corollary 12.19. For a positive integer n, let ¢, = e?"!/". Then 


ey 1) = Gyn(7) 
(-—1/r) = V—irn(r), 


where the square root is chosen to be positive on the imaginary axis. Furthermore, 
-1 
f(r + 1) = Cag fi (7) 


f(r +1) = Cag! f(r) 
fo(7 +1) = Gafe(7), 


and 


f(-1/7) = f(r) 
fi(-1/r7) = fa(r) 
fo(-1/7) = fir). 


Proof. The definition of 7(7) makes the formula for n(7 + 1) obvious. Turning to 
n(—1/r), first consider A(7) = (277)!2n(7)*4. For a lattice L, we know 


A(L) = g2(L)° —27g3(L)’. 
In (10.10) we showed that g2(AL) = A~4g2(L) and g3(AL) = \~®g3(L). Hence 


A(QL) = AP A(L). 
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This gives us the formula 
A(-1/7) = A((,-1/7}) = AC" [1 7}) = TP A((L,7]) = 77 (7), 
and taking 24th roots, we obtain 
n(-1/7) = eV—ir (7) 


for some root of unity «. Both sides take positive real values on the imaginary axis, 
which forces € to be 1. This proves that 7(7) transforms as desired. 

Turning to the Weber functions, their behavior under 7 +> 7 + 1 and 7+ —1/7 is 
a simple consequence of their definitions and the transformation properties of 7(r) 
(see Exercise 12.17). Q.E.D. 


We will make extensive use of these transformation properties in the latter part of 
this section. 


C. j-Invariants of Orders of Class Number 1 


Using the properties of the Weber functions, we can now compute the j-invariants 
for orders of class number 1. In §7 we saw that there are exactly 13 such orders, with 
discriminants 


—3, —4, -7, —8, -11, —12, —16, —19, —27, —28, —43, —67, —163 


(we will prove this in Theorem 12.34 below). The j-invariants of these orders are 
integers, and if we restrict ourselves to those where 3 doesn’t divide the discriminant 
(10 of the above 13), then Theorem 12.2 tells us that the j-invariant is a cube. So 
in these cases we need only compute 72(79), where 79 is an appropriately chosen 
element of the order. Rather than compute 2(7) directly, we will use the Weber 
functions to approximate its value to within +.5. Since y2(70) is an integer, this will 
determine its value uniquely. This scheme for i these j-invariants is due to 
Weber [102, §125]. 
The ten j-invariants we want to compute are given in the following table: 


(OQ) = i) 


—4 12-9753 12? 
-7 bane —15=-3-5 -153 
—8 /-2 20 = 27-5 20° 
—11] (3+ ve )/2 ~32 = -25 —323 
—16 66=2-3-11 66° 
(12.20) —19} (34 v= 19)/2 | -—96=-2°-3 —963 
—28 V-7 255 =3-5-17 2553 
—43 | (34+ V/—43)/2 | -960 = —2°.3-5 —960° 

—67 | (3+ /—67)/2 —5280 = —52803 

—23-3-5-11 
—163 | (3+ V—163)/2 —640320 = —640320° 


—2°.3-5-23-29 
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For completeness, we also give the j-invariants of the three orders of discriminant 
divisible by 3: 


To i(O) = j(7) 
—3} (1+ /V-3)/2 0 
—12 V-3 54000 = 2* -33-53 
—27 | (1+3V—3)/2 | —12288000 = —2'5.3.53 


We computed j((1 + /—3)/2) = 0 in §10, and we will prove j(\/—3) = 54000 in 
§13. As predicted by Theorem 12.13, the last two entries are not perfect cubes. 

To start the computation, first consider the case of even discriminant. Here, 7 = 
/—m where m = 1, 2, 4 or 7. Setting g = e?""V—™ = e-2"V™_ we claim that 


(12.21) 92(V—m) = [256973 +77], 


where [[ ] is the nearest integer function (i.e., for a real number x ¢ Z+ 5, [[x]] is 
the integer nearest to x). 
To prove this, we will write 2(7) in terms of the Weber function f2(7): 


16 
(12.22) 42(V/—m) =falV—m)! + 


Using g = e~2"V™ as above, (12.15) gives us 
foe) 
fa(V—m) = V2q'/ TT] (1 +4"), 
n=] 


and to estimate the infinite product, we use the inequality 1 +x < e* for x > 0. This 
yields 


co co 
vf ay< [het =e 
n=1 n=1 


and we can simplify the exponent by noting that g/(1 —g) < q/(1—e~°") < 1.002¢ 
since g < e~°". Thus we have the following inequalities for f(,/—m): 


V2q)/%4 < fo(V/—m) < V2q'/24e!.0024, 
and applying this to (12.22), we get upper and lower bounds for -y2(./—m): 
(12.23) -256.g2/3 4. g7"/3 078-0164 < a9 (\/—=m) < 256 92/3¢!69324 4 g— 73, 
To see how sharp these bounds are, consider their difference 
E= 256 q?/3(e!6-0324 7 1) +q (1 aig Bnleay. 
Using the inequality 


x 
1-x’ 


l-e’*< 0<x<il, 
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one sees that 


E < 256q7/3(e!624 _ 1) + g~!/38.016q/(1 — 8.016q) 
= 256 47/3 (e634 — 1) + 8.016 47/3/(1 — 8.0164). 


The last quantity is an increasing function in g, and then g < e~°" easily implies that 
E <.25. Since y2(\/—m) is an integer, this means that [[x]] = y2(./—m) for any x 
lying between the upper and lower limits of (12.23). In particular, 256 Gh +q38 
lies between these limits, which proves (12.21). Using a hand calculator, it is now 
trivial to compute the corresponding entries in table (12.20) (see Exercise 12.18). 

Turning to the case of odd discriminant, let 7 = (3 + /—m)/2, m=7, 11, 19, 
43, 67 or 163, and we again want to compute 


16 
yo(To) = f2(70) aa ea 
Our previous techniques won’t work, for g = e2"'G+V—™)/2 — —e—™v is negative 
in this case. But Weber uses the following clever trick: from (12.16), we know that 
v2 
f2(70) = fiom)” 


and then the transformation properties from Corollary 12.19 imply 


fi(270) = fi(3 + V—m) = Cig! f(2+ V—m) 
= Gg fil + V—m) = Gg f(W—m). 


Combining the above equations implies that 


V2.6 
f(V/—m)’ 


f2(70) = 
and thus 
1200) = os f(V—m)*. 


From here, our previous methods easily imply that if m= 7, 11, 19, 43, 67 or 163, 
and g = e~2"V™, then 


(3+ V—m)/2) = [-q7/° +256q'/7], 
where [| |] is again the nearest integer function. Using a hand calculator, we can now 


complete our table (12.20) of singular j-invariants (see Exercise 12.18). 


D. Weber’s Computation of j(./— 14) 


We next want to compute some singular j-invariants when the class number is greater 
than 1. There are several ways one can proceed. For example, when the class num- 
ber is 2, the Kronecker Limit Formula gives an elegant method to determine the 
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j-invariant, and this method generalizes to the case of orders with only one class per 
genus. (Recall from §3 that for discriminants —4n, this condition means that n is 
one of Euler’s convenient numbers.) For example, when n = 105, Weber [102, §143} 
shows that 


j(V=105)8 = V2 (1+ V3)3(1 + V5)3(V3 + V7)3(V5 + V7), 


which would then allow us to compute 7y2(./—105) and hence j(—105). (The 
radicals appearing in the above formula are not surprising, since in this case the 
Hilbert class field equals the genus field, which we know by Theorem 6.1—see Ex- 
ercise 12.19.) Other examples may be found in Weber [102, pp. 721-726] or [103], 
and a modern treatment of the Kronecker Limit Formula is in Lang [73, Chapter 20]. 

We will instead take a different route and compute j(./ —14), an example partic- 
ularly relevant to earlier sections. Namely, K(j(./—14)) is the Hilbert class field of 
K = Q(vV—/A4) since Ox = (1, /—14]. We determined this field in §5, so that finding 

i(V¥—-14) will ae us a second and quite different way of finding the Hilbert class 
field of Q(./~14). Our exposition will again follow Weber [102, §144], using ideas 
from Schertz [87] to fill in the details omitted by Weber. 

A key fact we will use is that in many cases, one can generate ring class fields 
using small powers of the Weber functions. Weber gives a long list of such theorems 
in [102, §§126-127], and modern proofs have been given by Birch [7] and Schertz 
(87, A19]. We will discuss two cases which will be useful to our purposes: 


Theorem 12.24. Given a positive integer m not divisible by 3, let O = |1,./—mi, 
which is an order in K = Q(./—m). Then: 


(i) For m= 6 mod 8, fi(\/—m)? is an algebraic integer and K(f,(./—m)*) is the 
ring class field of O. 


(ii) For m =3 mod 4, f(,/—m)? is an algebraic integer and K(f(,/—m)?) is the 
ring class field of O. 


Proof. We begin with (i). Multiplying out the identity 


—)24 3 
i(V=R) = a=) = (MOREY 


it follows that f, (./—m)? is a root of a monic polynomial with coefficients in the ring 
ZLi(,/—m)]. But j(,/—7) is an algebraic integer, which implies that the same is true 
for fi(/—m)*. 

We know that L = Kj i(,/—m)) is the ring class field of [1,,/—m], and since 
i(\/—m) is a polynomial in f;(./—m)’, we need only show that f,(,/—m)? lies in 
L. Actually, it suffices to show that f;(,/—m)® lies in L. This is a consequence of 
Theorems 12.2 and 12.17, for since 3 { m, we have y2(./—m) € L. We also know that 


sy — filV—m)* +16 
Baar 
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When f; (,/—m)° lies in L, so does f;(,/—m)**. The above equation then implies that 
fi(./—m)® € L, and f;(./—m)? € L follows immediately. 
The next step in the proof is to show that f,(87)°® is a modular function: 


Proposition 12.25. ,(87)° is a modular function for the group T9(32). 


Proof. We first study the transformation properties of f,(7)°. Consider the group 


roy ={ (8 |) :b=0mod 2}. 


In Exercise 12.4, we will show that the matrices 


gc) ee 


generate I'(2)'. Using Corollary 12.19, f;(7)® transforms under U and V as follows: 
fi(Ur)® = —ifi(7)® 
fi(Vr)° = —ifi (7)? 

(see Exercise 12.20). Then we get the general transformation law for f,(r)°®: 


+—ac— b 
(12.26) fi(yr)® =j (1/2)bd+(1/2)beg (r)°, y= (< € T(2)'. 


This can be proved by induction on the length of -y as a word in —/J, U and V. A more 
enlightening way to prove (12.26) is sketched in Exercise 12.21. See also §15. 
Now consider the function f;(87)®, and let y € '9(32). Then 


a b a 8b 2 
1 =8(49, a)t=(%  )8r= 780, 


Since 7 € T'o(2), it follows easily from (12.26) that f; (8-y7)° = f1(787)*° = f1(87)°, 
which proves that f,(87)° is invariant under '9(32). To check the cusps, suppose 
that -y € SL(2,Z). Under the correspondence between cosets of I'9(8) and matrices 
in C(8) given by Lemma 11.11, there is o € C(8) and ¥ € SL(2,Z) such that 


8yT = Yor. 


Writing 7 as a product of various powers of CG 1) and (i se the transformation 
properties of Corollary 12.19 imply that 


fi(8yr)° = fi(4or)® = ef(or)®, efi(or)®, or ef2(or)® 


for some root of unity e. Since 0 = @ 5) , where ad = 8, we have 


erior = git = C2(gh/8)@, 
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and hence, the product expansions for the Weber functions imply that f,(8y7)° is 
meromorphic in g'/8. This proves that f;(87)° is a modular function for '9(32). 
Q.E.D. 


The next step in proving Theorem 12.24 is to determine some field (not neces- 
sarily the smallest) containing f;(,/—m)°. The key point is that f,(87)°® is not only 
a modular function for I'9(32), it’s also holomorphic and its g-expansion is inte- 
gral. Thus Proposition 12.7 tells us that f;(87)° = R(j(r), j(327)) for some rational 
function R(X ,Y) € Q(X, Y). We will write this in the form 


(12.27) fi(r)° = R(i(r/8), i(47)). 
Using Lemma 12.11 with m = 32 and s = 8, we see that 
O® 
ay AV =m), iW =m/8)) #0, 


and thus, by Proposition 12.7, we conclude that 


(12.28) fi(W—m)® = R(j(V—m/8), j(4V—m)) = R(j([8, V—m)), i((1,4V—m))). 


To identify what field this lies in, let L’ denote the ring class field of the order O’ = 
[1,4,/—m]. Since [8, /—m] is a fractional proper ideal for O’ (this uses Lemma 7.5 
and m = 6 mod 8—see Exercise 12.22), it follows that f,(,/—m)® € L’. 

We want to prove that f,(,/—m)° lies in the smaller field L. This is the situation 
that occurred in the proof of Theorem 12.2, but here we will need more than just a 
degree calculation. The crucial new idea will be to relate Galois theory and modular 
functions. 

Let’s first study the Galois theory of L C L’. The orders O’ and O have discrimi- 
nants —64m and —4m respectively, so that Corollary 7.28 implies that h(—64m)) = 
4h(—4m). Thus L’ has degree 4 over L. Furthermore, the isomorphisms C(O’) ~ 
Gal(L’/K) and C(O) ~ Gal(L/K) imply that 


Gal(L’/L) ~ ker(C(O’) + C(O)). 


In Exercise 12.22 we show that [4,1 + /—m] is a proper O’-ideal which lies in the 

above kernel and has order 4. It follows that L C L’ is a cyclic extension of degree 4. 
The goal of the remainder of the proof will be to compute o(f, (\/—m)°) for some 

generator o of Gal(L’/L). At the end of §11 we described an isomorphism 


C(O’) ~ Gal(L’/K) 


as follows. Given a class [a] € C(O’), let the corresponding automorphism be og € 
Gal(L'/K). If we write L’ = K(j(6)) for some proper fractional O’-ideal b, then 
Corollary 11.37 states that 


7a(j(6)) = j(ab). 
To exploit this, let b = [8, /—m] = 8[1, /—m/8], so that (12.28) can be written 


fi(W—m)° = R(j(6), j(O’)). 
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Now let a = [4,1 + /—ml, and let the corresponding automorphism be o = a4 € 
Gal(L’/L). Note that o is a generator of Gal(L’/L). Hence to prove that f;(./—m)® 
lies in L, we need only prove that it is fixed by o. Using the above formula for 


fi: (,/—m)®, we compute 
o(fi(W—m)®) = R(o(j(6)),¢(G(O"))) = R(i(@b), j(@)). 
Since m = 6 mod 8, one easily sees that 
ab = [8,-2+ V—m], a=(4,-14+V—m] 
(see Exercise 12.22), and hence o(f;(.\/—m)°) can be written 
(12.29) o(fi(\/—m)°) = R(j([8, -2+ V—m}), j([4, -1 + V—m)). 


Now let y = (j ~7) € T'o(2)!. If we substitute yr for 7 in (12.27), we get 


fi(yr)® = RUi(y7/8), i(477)). 
Since yr = (7 —2)/(7 — 1), one sees that 


[1,y7/8] is homotheticto [8(7 —1),7—2] =[8,-24+7] 
[1,4y7]  ishomotheticto [7 —1,4(7 —2)] = [4,-14+7], 


and thus 
fi(yr)® = R(i([8,-2 + 7), (4, -1 + 7])). 
Evaluating this at 7 = ./—m and using (12.29), we see that 


o(fi(v—m)°) = fi(yv—m)°. 


However, (12.26) shows that f;(yr)®° = fi(7)°® for all 7, which shows that f; (,/—m)*® 
is fixed by o and hence lies in the ring class field L. This completes the proof of (i). 

The proof of (ii) is similar to what we did for (i), though this case is a little 
more difficult. We will sketch the main steps of the proof in Exercise 12.23. This 
completes the proof of Theorem 12.24. Q.E.D. 


Remark. The above equation o(f;(,/—m)°) = f,(y./—m)° is significant, for it al- 
lows us to compute the action of o € Gal(L’/K) using the matrix -y € SL(2,Z). This 
correspondence between Galois automorphisms and linear fractional transformations 
is not unexpected, for the f1(y7)°’s are the conjugates of f,(7)° over Q(j(7)), hence 
when we specialize to T = \/—m, the conjugates of f,(,/—m)® should lie among the 
fi (y/—m)°’s. What’s surprising is that there’s a systematic way of finding . This 
is the basic content of the Shimura Reciprocity Law. We will explain how this works 
in Theorem 15.18 in §15 when we use Shimura reciprocity to give a second proof 
that f, (,/—m)° € L. See also Lang [73, Chapter 11] or Shimura [90, §6.8]. 
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We can now begin Weber’s computation of j(,/—14) from [102, §144]. Let K = 
Q(V—14). Since Ox = [1, /—14], L = K(j(V—14) is the Hilbert class field of K. 
As we saw in §5, Gal(L/K) ~ C(Ox) is cyclic of order 4. Furthermore, we can use 
the results of §6 to determine part of this extension. Recall that the genus field M 
of K is the intermediate field K C M C L corresponding to the subgroup of squares. 
When K = Q(./—14), Theorem 6.1 tells us that M = K(/—7) = K(V2). Thus 


KCK(V2) CL. 


We will compute f; (\/— 14)”, which lies in the Hilbert class field L since m = 14 sat- 
isfies the hypothesis of the first part of Theorem 12.24. Let o be the unique element 
of Gal(L/K) of order 2, so that the fixed field of o is the genus field K(./2). The key 
step in the computation is to show that 


(12.30) o(fi(W—14)?) = fo(W—14/2)?. 
We start with the equation 
fi(v—m)? = R(j(b), j(O’)) 


from Theorem 12.24, where O’ = [1,4\/—14] and 6 = [8, /—14]. If O’ and L’ are 
as in the proof of Theorem 12.24, then 6 determines a class in C(O’) and hence an 
automorphism op € Gal(L’/K). It is easy to check that 6 maps to the unique element 
of order 2 in C(Ox) (see Exercise 12.24), and consequently, the restriction of a, to 
L is the above automorphism o. By abuse of notation, we will write 0 = op. Then, 
using Corollary 11.37, we obtain 


o(fi(V—14)®) = R(j(6), j(b)) = RO’), j()) 
since b = b and bb = [2,8,\/—14)] = 20’. Thus 
(12.31) o(fi(v—14)°) = R(i((1,4v—14]), j([8, V—14])). 


Let y = (7 ~4), and note that f2(7) = f(y) by Corollary 12.19. Combining this 
with (12.27), we get 


fo(r)° = filyr)® = R(i(y7/8), j(477)) 
= R(j({1,87]), j([4,7])). 


Evaluating this at 7 = /—14/2 and using (12.31), we obtain 
o(fi(W~—14)°) = fo(v—14/2)°. 


(See Theorem 15.29 in §15 for a second proof of this that uses Shimura reciprocity.) 
If we take the cube root of each side, we see that 


o(fi(W—14)”) = G fo(W= 14/2)? 
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for some cube root of unity ¢/. It remains to prove that the cube root is 1. From 
(12.16) we know that f;(7)f2(7/2) = V2, so that 


(12.32) fi(V=14)2o (fi (W=14/2)?) = Gi fu V— 14)? fo V=14/2)? = 24. 


Since f,(V/—14)*o(fi(/—14)”) is fixed by a, it lies in K(/2), and hence ¢j € 
K(V2) = Q(V2, V—7). This forces the root of unity to be 1, and (12.30) is proved. 
Now let a = f,(/—14)?. From (12.32) we see that ac(a) = 2, so thata+o(a) = 
a+2/a lies in K(/2). But a is clearly real, so that a +2/a € Q(V2), and further- 
more, @ and 2/a = o(a) are algebraic integers by Theorem 12.24. It follows that 


2 
(12.33) a+==atbv2, a,b € Z. 
We will use a wonderful argument of Weber to show that a and b are both positive. 


Namely, (12.33) gives a quadratic equation for a, and since a is real and positive 
(see the product formula for f;(7)), the discriminant must be nonnegative, i.e., 


(a+bvV2) >8. 


Let 0; be a generator of Gal(L/K) (so o = 02). Then o;(/2) = — V2, and hence 


2 
oi(a) + ay =a bv. 


But o)(q) cannot be real, for then LN R = Q(a) would be Galois over Q, which 
contradicts Gal(L/Q) ~ Dg (see Lemma 9.3). Thus the discriminant of the resulting 
quadratic equation must be negative, i.e., 


(a—bV2) <8. 
Subtracting these two inequalities gives 
4abV2 > 0, 


so that a and b are positive since a > 0. ° 
As a and b range over all positive integers, the resulting numbers a + b/2 form 
a discrete subset of R (by contrast, Z[./2] is dense in R). Thus we can compute a 


and b by approximating a+2/a sufficiently closely. Setting g = e~™V14. (12.15) 
implies 


= = fa(V=14/2)? = 24"? TT +g"), 


n=1 


Applying the methods used in our class number 1 calculations, we see that 


I< = < 2g!/ 12620024 
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and thus 
gr i2972.0029 < gy < gH, 


These inequalities imply that 
2 
aba qo)! 2 4.24'/! = 2.6633 + .7509 = 3.4142, 


with an error of at most 10~*. Compare this to the smallest values of a+bV/2, 
a,b>0: 


1472 ~ 2.4142 <24 V2 = 3.4142 < 142V2 = 3.8284. 


It follows that a+ 2/a = 2+ V2, and then the quadratic formula implies 


24+V24V4v2-2 V24+14V2V2-1 
ne ee 


2 V3 


Since a % 2.6633 is the larger root, we have 


a=fi(v=tap= Ht a 


and we can now compute 72(/ — 14): 


v2 v2 


=2 (323 + 2285+ (231 + 161V3)\/2v3 - 1). 


where the last step was done using a computer. Cubing this, we get the formula for 
J(V—14) given in (12.1). 

An immediate corollary is that L = K(./2V2-— 1) is the Hilbert class field of 
K = Q(V—14). This method of determining L is more difficult than what we did 
in §5, but it’s worth the effort—the formulas are simply wonderful! These same 
techniques can be used to determine j(./—46) and j(./—142) (see Exercise 12.25), 
and in [102, §144] Weber does 7 other cases by similar methods. 

The examples done so far are only a small fraction of the singular j-invariants 
computed by Weber in [102]. He uses a wide variety of methods and devotes many 
sections to computations—the interested reader should consult §§125, 128, 129, 130, 
131, 135, 139, 143, and 144 for more examples. We should also mention that in 1927, 


Z (Awl) (Bett) 
2 
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Berwick [4] published the j-invariants (in factored form) of all known orders of class 
number < 3. For a discussion of how singular moduli were computed in the 1960s, 
see Herz [55]. 

Another person who thought deeply about singular moduli was Ramanujan. In 
Exercise 12.31 we will explain how one of his amazing identities leads to an easy 
proof of the formula 


fi(V/—14)? = att eve v2v2— 


used in Weber’s computation of j(/—14). 


E. Imaginary Quadratic Fields of Class Number 1 


We will end this section with another application of the Weber functions: the deter- 
mination of all imaginary quadratic fields of class number 1. 


Theorem 12.34. Let K be an imaginary quadratic field of discriminant dx. Then 
h(dx) = 1 <=> dx = —3,—4, -7, -8, -11, —19, —43, —67, -163. 


Remark. As we saw in Theorem 7.30, this theorem enables us to determine all dis- 
criminants D with h(D) = 1. 


Proof. This theorem was proved by Heegner [52] in 1952, but his proof was not 
accepted at first, partly because of his heavy reliance on Weber. In 1966 complete 
proofs were found independently by Baker [3] and Stark [96], which led people to 
look back at Heegner’s work and realize that he did have a complete proof after all 
(see Birch [6] and Stark [98]). We will follow Stark’s presentation [98] of Heegner’s 
argument. 

The first part of the proof is quite elementary. Let dx be a discriminant such 
that h(dx) = 1. Recall from Theorem 2.18 that h(—4n) = 1 if and only if —4n = 

4, -—8, —12, —16 or —28. Thus, if dx = 0 mod 4, then dy = —4 or —8 since dx is a 

field discriminant. So we may assume dx = 1 mod 4, and then Theorem 3.15 implies 
that there are 24~! genera of forms of discriminant dx, where yu is the number of 
primes dividing dx. Since h(dx) = 1, it follows that u = 1, so that dx = —p, where 
p =3 mod 4 is prime. 

If p =7 mod 8, then Theorem 7.24 implies that 


h(—4p) = 2h(—p) (1 = (=) 3) =h(-p) =1, 


and using Theorem 2.18 again, we see that p = 7. 
We are thus reduced to the case p = 3 mod 8, and of course we may assume that 
p #3. Then Theorem 7.24 tells us that 


h(—4p) = 2n(-p) (1- (SP) 5) = 3h(-7) =3. 
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This implies that Q(j(.,/—p)) has degree 3 over Q. By the second part of Theo- 
rem 12.24, we know that f(,/—p)* € K(j(,/—p)), and since f(,/—p)? is real, we see 
that f(,/—p)* generates a cubic extension of Q. 

Let 7 = (3+ /—p)/2, and set a = Gj 'f2(7)?. We can relate this to f(,/—p)? as 
follows. We know from (12.16) that 


fi(270) f2(70) = v2, 
and Corollary 12.19 tells us that 


fi(270) = fi(3 + V—p) = Gg 3§(./=p) = Ge fi f(V—p)- 


These formulas imply that a = 2/f(,/—p)’, and hence a generates the cubic exten- 
sion Q(f(,/—p)*). Note also that a* generates the same cubic extension. 

Let’s study the minimal polynomial of a*. Since O = [1,79] and h(—p) = 1, we 
know that j(7) is an integer, and then 72(79) is also an integer by Theorem 12.2. 
Since 


f2(7)* +16 
TT CF eee 
y2( 0) f2(70)8 
it follows that a4 = —f2(79)° is a root of the cubic equation 
(12.35) 2° —42(7)x— 16 =0. 


This is the minimal polynomial of a* over Q. 
However, a is also cubic over Q, and thus satisfies an equation of the form 


xvtar+bxtc=0, 


where a, b and c lie in Z since a@ is an algebraic integer. Heegner’s insight was that 
this equation put some very strong constraints on the equation satisfied by a4. In 
fact, moving the even degree terms to the right and squaring, we get 


(x3 + bx)? = (—ax? —c)’, 
so that @ satisfies 
x° + (2b —a’)x* + (b? —2ac)x* —c? = 0. 
Hence a’ satisfies the cubic equation 
etext fxrtg=—0, e=2b-a, f=b’-2ac, g=-c’, 
and repeating this process, we see that a‘ satisfies the cubic equation 
w+ (2f —e?)x* + (f? —2eg)x— 2”. 


By the uniqueness of the minimal polynomial, this equation must equal (12.35). 
Comparing coefficients, we obtain 


2f-—e? =0 
(12.36) f? —2eg = —72(70) 
g = 16. 
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The third equation of (12.36) implies g = +4, and since g = —c’, we have g = —4 
and c = +2. However, changing a to —a leaves a* fixed but takes a,b,c to —a,b, —c. 
Thus we may assume c = 2, and it follows that 


42(10) = —f? —8e = —(b? — 4a)? — 8(2b — a’). 


It remains to determine the possible a’s and b’s. 
The first equation 2f = e? of (12.36) may be written 


2(b? — 4a) = (2b—a’)’, 


which implies that a and b are even. If we set X = —a/2 and Y = (b—a’)/2, thena 
little algebra shows that X and Y are integer solutions of the Diophantine equation 


2x(X?+1)=Y? 
(see Exercise 12.26). This equation has the following integer solutions: 


Proposition 12.37. The only integer solutions of the Diophantine equation 
2x(x?4+1)=Y? 
are (X,Y) = (0,0), (—1,0), (1,2), and (2, +6). 


Proof. Let (X,Y) be an integer solution. Since X and X? + 1 are relatively prime, 
the equation 2X (X? + 1) = Y? implies that +(X? + 1) is a square or twice a square. 
Thus (X, Y) gives an integer solution of one of four Diophantine equations. These 
equations, together with some of their obvious solutions, may be written as follows: 


(i) X3+1=Z?, (X,Z)=(-1,0), (0,£1), (2,43). 
(ii) X3+1=-Z*, (X,Z) =(-1,0). 
(iti) W8+1=2Z?, (W,Z) =(1,+1). 
(iv) X¥3+1=-—2Z?, (X,Z) =(—1,0). 


To explain (iii), note that if X?-+ 1 = 2Z?, then 2X(X?+1) =Y? implies that ¥ = W? 
for some W, which by substitution gives us W° + 1 = 2Z?. In Exercises 12.27~12.29, 
we will show that the solutions listed above are all integer solutions of these four 
equations. Once this is done, the proposition follows easily. 

The integer solutions of equations (ii)—(iv) are relatively easy to find. We need 
nothing more than the techniques used when we considered the equation Y? = X? —2 
in Exercises 5.21 and 5.22. See Exercise 12.27 for the details of these three cases. 

The integer solutions of equation (i) are more difficult to find, and the elementary 
methods used in (ii)—{iv) don’t suffice. Fortunately, we can turn to Euler for help, 
for in 1738 he used Fermat’s technique of infinite descent to determine all integer 
(and rational) solutions of (i) (see [33, Vol. II, pp. 56-58]). A version of Euler’s 
argument may be found in Exercises 12.28 and 12.29. This completes the proof of 
the proposition. Q.E.D. 
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Once we know the solutions of 2X (X? + 1) = Y, we can compute a, b and hence 
(70). This gives us the following table: 


a=—2X | b=4x?+2Y (b? — 4a)* — 8(2b — a”) 


72(70) = 


Note that these -y2(79)’s are among those computed earlier in table (12.20). Since 
j(Ox) determines K uniquely (see Exercise 12.30), it follows that we now know all 
imaginary quadratic fields of class number |. This proves the theorem. Q.E.D. 


Note that Heegner’s argument is clever but elementary—the hard part is proving 
that f(,/—p)° lies in the appropriate ring class field. Thus Weber could have solved 
the class number | problem in 1908! We should also mention that there is a more el- 
ementary version of the above argument which makes no use of the Weber functions 
(see Stark [98]). 


F. Exercises 


12.1. Show that go(7), g3(7) and A(7) are real-valued when 7 is purely imaginary. 
Hint: use Exercise 11.1. 


12.2. Let F(q) = 1+ 0-2, ang” be a power series which converges in a neighbor- 
hood of the origin. 


(a) Show that for any positive integer m, there is a unique power series G(q), 
converging in a possibly smaller neighborhood of 0, such that F(q) = 
G(q)” and G(O) = 1. 


(b) If in addition the coefficients of F(q) are rational numbers, show that the 
power series G(q) from part (a) also has rational coefficients. 


12.3. In this exercise we will prove that S= (? ~}) and T = (} |) generate SL(2,Z). 
To start, let [ be the subgroup of SL(2,Z) generated by S and T. 


(a) Show that every element of SL(2,Z) of the form (¢%) or (23) lies in T. 
(b) Fix yo € SL(2,Z), and pick y € T' so that yo = (4°) has the minimal |c|. 
(i) If a=0 orc =O, then use (a) to show that yo € T. 


(ii) If c 40, then, of the y’s that give the minimal |c|, choose one that 
has the minimal |a|. Use 


tifa b\ fate * 
ee le _ 
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to show that |a| > |c|, and then use 


a b —c * 
c A) ~ ( a *) 
to show that a = 0. Conclude that yo € T. 


(c) Use (a) and (b) to show that S and T generate SL(2,Z). 


12.4. This exercise will give generators for the following subgroups of SL(2,Z): 
a b 
T9(2) = {( a) € SL(2,Z) c= 0 mod 2} 
To(2)! = { (: A € SL(2,Z) :b=0 mod 2 
T(2) = (2 ) € SL(2,Z) b=¢=0mod 2}. 


Let = (99),A=(j{ 7) and B= (9 /). 


(a) Modify the argument of Exercise 12.3 to show that —/, A? and B generate 
To(2). Hint: let I be generated by —/, A? and B. Given yo € 'p(2), 
choose y € I so that y7o = (¢ b) is minimal in the sense of Exercise 12.3. 
If c £0, show that |a| < |c|, and then use 


ate (@ &)\ _ a * 
c d ct+2a * 


to prove that a = 0, which is impossible in this case. 


(b) Show that —/, A and B? generate I'9(2)'. In the text, these generators are 
denoted —/, U and V respectively. 


(c) Adapt the argument of (a) to show that —/, A? and B? generate I'(2). 
12.5. This exercise is concerned with the properties of 72(7). 


(a) Prove (12.6) by induction on the length of (2 4) as a word in the matrices 
S and T of Exercise 12.3. 


(b) Use (12.6) to show that (7) is invariant under the group 


ra={(¢ |) :b=c=0mod 3}. 


roa=("9 t)t@(5 4), 


and conclude that -y3(37) is invariant under I'9(9). 


(c) Show that 
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12.6. 


12.7. 


12.8. 


12.9. 


12.10. 
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(d) Use (12.6) to show that the exact subgroup of SL(2,Z) under which (7) 
is invariant is 


{(¢ 2 €SL(2,Z):a=d=0mod 3 orb =e mod 3}. 


Complete the proof of part (ii) of Proposition 12.7 using the hints given in the 
text. 


Let O = [1,79] be an order of discriminant D in an imaginary quadratic field, 
and assume that 7 = \/—m or (3 + /—m)/2, depending on whether D = 0 
or 1 mod 4. Let O’ = [1,370] be the order of index 3 in O. If 3 { D, then prove 
that [1, 79/3] is a proper fractional O’-ideal. Hint: use Lemma 7.5. 


Adapt the argument of Lemma 12.11 to show that 


F& (4(3i) jUi/3)) # 


Hint: it suffices to show that (12.12) cannot hold. 


This exercise is concerned with the elementary properties of the Weber func- 
tions. 
(a) Prove the product expansions (12.15). 


(b) Prove the top line of (12.16). Hint: use the product exansions to show 


that 
nr) f(r) fi (7) fa(r) = V2n(r) 
(c) Prove the bottom line of (12.16). Hint: use the definitions. 


Exercises 12.10, 12.11 and 12.13 will explore the Weierstrass o-function. The 
basic properties of o(z;7) will be covered, though we will neglect the details 
of convergence. For careful treatment of this material, see Chandrasekharan 
[16, Chapter IV], Lang [73, Chapter 18], and Whittaker and Watson [109, 
Chapter XX]. As in the text, the o-function is defined by 


o(zir) =z Il (1==) erlot(1/2)(/o)? 
weEL—{0} 


where L = [1,7]. Note that o(z;7) is an odd function in z. We will write o(z) 
instead of o(z;T). 


(a) Define the Weierstrass ¢-function ¢(z) (which is different from the fa- 
mous Riemann ¢-function) by 


C(z) = aa 
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Using the definition of o(z), show that 


(b) Show that the ¢-function is related to the g-function by the formula 
e(z) = —C"(z). 


(c) By (b), it follows that if w € L, then ¢(z+w) — ¢(z) is a constant depend- 
ing only on w. Since L = [1,7], we define 7, and 7 by the formulas 


m = C(z+T) —¢(z) 
m = ¢(z+1) —¢{z). 


Then prove Legendre’s relation 
MT —M = 27i. 


Hint: consider tp ¢(z)dz, where TI’ is the boundary, oriented counter- 
clockwise, of the parallelogram P used in the proof of Lemma 10.4. By 
standard residue theory, the integral equals 27i by (a). But the defining 
relations for 7; and 7 allow one to compute the integral directly. 


(d) We can now show that 


o(z+7) = —e™@+2) g(z) 


o(zt+1l)= —emle+2) 9(z), 


(i) Show that 
4 oe+r) _ | ole+r) 


dz o(z) a a(z) ’ 


and conclude that for some constant C, 
o(z+7) =Ce™*o(z). 


(ii) Determine the constant C in (i) by evaluating the above identity at 
z= -—17/2. This will prove the desired formula for ¢(z+7). Hint: 
recall that o(z) is an odd function. 


(iii) In a similar way, prove the formula for o(z+ 1). 
12.11. The goal of this exercise is to prove the formula 


_o(z+w)o(z—w) 


9(z) — p(w) = TIO 
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Fix w ¢ L = [1,7], and consider the function 


o(z+w)o(z—w) 
o*(z)o?(w) 


(a) Show that f(z) is an even elliptic function for L. By Lemma 10.17, this 
implies that f(z) is a rational function in go(z). 


fly=- 


(b) Show that f(z) is holomorphic on C — L and that its Laurent expansion 
at z= 0 begins with 1/2’. 


(c) Conclude from (b) that f(z) = ¢(z)+C for some constant C, and evaluate 
the constant by setting z = w. This proves the desired formula. 


12.12. Use the previous exercise to show that 


2 =) 
eye eet Pa 


€3 — | 


1 
“(3) 
—em(rtny2___ NK 2P 
of{Tt+!)\ 4/7 
n( 2 (5) 


Hint: for e2 — e;, use the fact that 


1— 1 1 
o( x) =o(- 41] = nent i041) gf 1) 
— p-mt/2 T+ 
é a( 5) ) 


12.13. The final fact we need to know about the o-function is its g-product expansion 


1 2 _ G92) (1 — g7/42) 
o(zir) = s—e™ (qi? —q pT] ela) po 


where g, = e?"" and g, = e?™”. To prove this, let f(z) denote the right-hand 
side of the above equation. 
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(a) Show that the zeros of f(z) and o(z) are exactly the points of L. Thus 
o(z)/ f(z) is holomorphic on C — L. 


(b) Show that o(z)/f(z) has periods L = [1,7]. 
(c) Show that o(z)/f(z) is holomorphic at z = 0 and takes the value 1 there. 
(d) Conclude that o(z) = f(z). Hint: use Exercise 10.5. 


12.14. This exercise will complete the proof of the formulas (12.18), which express 
the differences e; — e; in terms of 7(7) and the Weber functions. 


(a) Use the product expansion from Exercise 12.13 to show that 


FT) = gmt? /8,—1/8 FT f(r)? 
(5) axe q nr)? 
THY) 1D or t1y?/8 1/8 £(7) 

o( 2 ) ~ OR? q n(r)2° 


(b) Use (a) and the formulas from Exercise 12.12 to show that 


e2-e, = n> n(r)* f(r)* 

e—e3 = 1 n(r)* fir)? 

e3—e,=1'7(T)*fr(r)®. 
This proves (12.18). Hint: use (12.16). 


12.15. In this exercise we will complete the proof of Theorem 12.17. Recall from 
Exercise 10.8 that g2(r) = —4(e1e2 + e1e3 + e2€3) and e; +e. +e3 =0. 


(a) Show that 
3g2(r) = 4((e2 — e1)” — (e2 —€3)(€3 —e1)). 


(b) The identity of part (a), together with the formulas for e; — e;, were used 
in the text to derive a formula for y2(7) in terms of f(7). Find two other 
identities for 3g2(7) similar to the one given in part (a), and use them to 
derive formulas for y2(7) in terms of f,(7) and f2(7). 


12.16. Use the formulas for y2(7) from Theorem 12.17 to show that the g-expansion 
of the j-function has integral coefficients. This proves Theorem 11.8. 


12.17. Complete the proof of Corollary 12.19. 


12.18. Verify the calculations made in table (12.20). 
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Use Theorem 6.1 to determine the Hilbert class field of K = Q(/—105), 
and show that its maximal real subfield is Q(v3, V5, V7). Hint: use The- 
orem 3.22 to show that the genus field equals the Hilbert class field in this 
case. 


This exercise is concerned with the properties of the Weber function (7). 
Let = (59),U = (19) and V = ($3). 
(a) Use Corollary 12.19 to show f,(U7)® = f,(Vr)® = —ifi(7)°. 


(b) In Exercise 12.4 we proved that —/, U and V generate I'p(2)'. Use in- 
duction on the length of y = (44) €T0(2)! as a word in —/, U and V to 
show that : 

fi (yr)° = j—ae— (1/2) bd+(1/2)b c fi (r)°. 


In this exercise we will show how to discover the transformation law for f, (7) 
proved in part (b) of Exercise 12.20. Let —/, U and V be as in Exercise 12.20. 
We will be using the groups 


ra={(2 A € SL(2,2) :b == 0mod 2} 
re={(¢ 2 €SL(2,2):b=e=0mod8 b, 


Note that (8) C I'(2) C (2)', and recall from Exercise 12.4 that —/, U? 
and V generate ['(2). 


(a) Show that (2) has index 2 in ['9(2)' with / and U as coset representa- 
tives. 


(b) Show that I'(8) is normal in SL(2,Z) and that the quotient P'(2)/T'(8) is 
Abelian. Hint: compute [U?,V]. 


(c) We can now discover how f;(r)°® transforms under 7 = (25) € I'(2). 
Write 


y = +|[[u*v*, 
i=l 
and set A = )~;_, a; and B= )>j_, bj. 
(i) Show that f,(yr)® = i744 §, (7°. 
(ii) Use (b) to show that y = UV8 mod I°(8), which means that 


a b\ _f{1 2B ~ 
€ : = eo 1 cas) modu?) 
(iii) Use (ii) to show that ac = 2A mod 8 and bd = 2B mod 8. 
(iv) Conclude that for all y € ['(2), 


fi (yr)° = aie aes (r)°. 


12.22. 


12.23. 
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(d) Now take y = (2) €[0(2)', y €I'(2). By (a), we can write y = U¥ 
for some ¥ € I\(2). Then use (c) to show that 


Pyare 2 
filyr)’ =i ac—(1/2)bd+(1/2)b fi(r)®. 


Hint: observe that a? = 1 mod 4 in this case. 
(e) To unify the formulas of (c) and (d), take y = (22) €T'9(2)'. Show that 


ip 0 mod 4 7 €T (2) 
| 4b? mod4 —-y €T°(2). 


From here, it follows immediately that 
gt Ane 2 
fi (yr)® = joe (1/2)bd+(1/2)b ce (r)® 


for all y € T'9(2)'. In §15 we will derive a transformation law for f; (yr)? 
using a different method. 


Let O = [1,./—m] and O’ = [1,4,/—m], where m > 0 is an integer satsifying 
m = 6 mod 8. Note that ©’ is the order of index 4 in O. Let a = [4,1+-/—m] 
and b = [8, /—m. 

(a) Show that a and 6 are proper fractional O’-ideals. Hint: use Lemma 7.5. 


(b) Show that the class of a has order 4 in C(O’) and is in the kernel of the 
natural map C(O’) — C(O). 


(c) Verify that Gb = (8, —2 + /—m| and @ = [4,-1+ /—m]. 
In this exercise we will prove part (11) of Theorem 12.24. We are thus con- 


cerned with f(,\/—m)*, where m = 3 mod 4 is a positive integer not divisible 
by 3. Let L denote the ring class field of the order O = [1, /—ml. 


(a) Show that f(,/—m)° € L implies that L = K(f(./—m)’). 


(b) By Corollary 12.19, we have f(7)° = ¢,fi(r +1)®. Use this to prove 
that f(87)° is a modular function for I'9(64). Hint: show that f;(r)° is 
invariant under 


T(8) = ce ‘) €SL(2,Z) : (< i) = ¢ , mod sh. 


Since I'(8) is normal in SL(2,Z), this implies that f(7)® is also invariant 
under I'(8). 


(c) Use Proposition 12.7 and Lemma 12.11 to show that 
f(V—m)° = S(j([8, V—m)), j([1,8V—m))) 
for some rational function S(X,Y) € Q(X,Y). 
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(d) Let O’ be the order [1,8,/—m]. Show that a = [8,2+ ./—m] and b = 
[8, /—m] are proper fractional O’-ideals. Then use (c) to conclude that 
f(\/—m)° lies in the ring class field L’ of O’. 


(e) Show that the extension L Cc L’ has degree 8 and that under the isomor- 
phism C(O’) ~ Gal(L’/K), the classes of the ideals a and b map to gen- 
erators a, and o; of Gal(L’/L). Thus we need to prove that f(,/—m)° is 
fixed by both go; and a. 


(f) Using (c) and Corollary 11.37, show that 


ai(f(W/—m)°) = S(j([4,3 +2V—m]), j([8,6 + V—m])) 


(this is where m = 3 mod 4 is used). 
(g) Let y = (7!) and 72 = (9 ~4). Then show that 


H(y17)° = SUi([4,3 + 27]), j((8,6 + 7})) 
F(a27)° = SG(L1,87}), i((8,7))). 


(h) Use Corollary 12.19 to show that f(r)° is invariant under both +, and 
2. Then (f) and (g) imply that f(,/—m)° is fixed by a; and a2 which 
completes the proof. 


Consider the orders O = [1, /—14] and O’ = [1,4,/—14]. By part (a) of Exer- 
cise 12.22, we know that 6 = [8, /—14] is a proper fractional O'-ideal. Under 
the natural map C(O’) > C(O), show that b maps to the unique element of 
order 2 of C(O). 


Compute j(./ —46) and j(./—142). Hint: in each case the class number is 4. 
Note also that 46 = 142 = 6 mod 8, so that part (1) of Theorem 12.24 applies. 


Let (a,b) be a solution of the Diophantine equation 2(b* — 4a) = (2b — a’). 


(a) Show that a and b must be even. 


(b) If we set X = —a/2 and ¥ = (b—a’)/2, then show that X and Y are 
integer solutions of the Diophantine equation 2X (X?+1)=Y?. 


This exercise will discuss three of the Diophantine equations that arose in the 
proof of Proposition 12.37. In each case, the methods used in Exercises 5.21 
and 5.22 are sufficient to determine the integer solutions. 


(a) Show that the only integer solution of X? + 1 = —Z? is (X,Z) = (—1,0). 
Hint: work in the ring Z[i]. 
(b) Prove that the only integer solutions of W®° +1 = 2Z? are (W,Z) = 


(£1,41). Hint: work in Zw], w = e?"/3. The fact that 3{W?+1 
will be useful. 
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(c) Show that the only integer solutions of X? + 1 = —2Z? are (X,Z) = 
(—1,0). Hint: work in the ring Z[./ —2]. 


12.28. Exercises 12.28 and 12.29 will present Euler’s proof [33, Vol. II, pp. 56-58] 
that the only rational solutions of X? + 1 = Z? are (X,Y) = (—1,0), (0,+1) 
and (2,+3). In this exercise we will show that there are no relatively prime 
positive integers c and b such that bc(c* — 3bc + 3b’) is a perfect square when 
c # band 3{c. The proof will use infinite descent. Then Exercise 12.29 will 
use this result to study X3+ 1 = Z?. 


(a) Let c and b be positive relatively prime integers such that the product 
be(c? — 3bc + 3b’) is a perfect square, and assume also that c # b and 
3 { c. Show that b, c and c? — 3bc + 3b? are relatively prime, and conclude 
that each is a perfect square. Then write c? — 3bc + 3b? = (2b —c)*, 
where n > 0, m > 0 and gcd(m,n) = 1. Show that this implies 


b _ 2mn—3n?* 


c. m—3n2- 
There are two cases to consider, depending on whether 3 { m or 3 | m. 
(b) Preserving the notation of (a), let’s consider the case 3 { m. 
(i) Show that b = 2mn — 3n? and c = m? — 3n?. 
(ii) Since c is a perfect square, we can write m? — 3n? = (En —m)*, 


where p > 0, q > 0 and gced(p,q) = 1. Show that p and q may be 
chosen so that 3 { p, and show also that 


m_ p?+3q° 


n 2pq 


(iii) Prove that 
bp’ —3pq+3q" 
ae Pq 
and conclude that pq(p” — 3pq + 3q”) is a perfect square. Show also 
that p # q. Hint: use (i) and (ii) to show that p = q implies c = 3. 
(iv) By (ii) and (iii) we see that p and q satisfy the same conditions as c 
and b. Now prove that g < b, which shows that the new solution is 
“smaller.” Hint: note that q | b, so that g < b unless g =n = b. Use 
(i) and (ii) to show that c = 3 in this case. 


? 


(c) With the same notation as (a), we will now consider the case 3 | m. Then 
m = 3k, so that by (a), 
b _ n*—2nk 
c. nt—3k° 
Since 3 {n, the argument of (b) implies that b = n? — 2nk and c = n* — 
3k, and since c is a perfect square, we can write n* — 3k? = (tk—n), 
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where p > 0, g > 0 and gcd(p,q) = 1. As in (b), we may assume 3 { p, 
and we also have 
n_ p?+3q? 
k 2pq 
(i) Show that 
b _ p—4pqt3¢ _ (p—a)(p—39) 


nr p?2+3¢ p?+3¢q ’ 


and conclude that (p — g)(p — 3q)(p* + 3q’) is a perfect square. 
(ii) Let t = |p — g| and u = |p — 3q|. Show that 


(p —4)(p — 3q)(p? + 3q°) = tu(u? — 3tu + 31’). 


Show also that 3 { u and that t and u are positive and unequal. 

(iii) It follows from (i) and (ii) that u and t, divided by their greatest 
common divisor, satisfy the same conditions as c and b. Now prove 
that t < b, so that the new solution is “smaller.” Hint: consider the 
cases t = q— p and t = p — q separately. In the latter case, note that 


p\n+ Vn? — 3k’, and that p = n+ V/n2 — 3k? implies g = k. 


Thus, given c and b satisfying the above conditions, we can always produce a 
pair of integers satisfying the same conditions, but with strictly smaller b. By 
infinite descent, no such c and b can exist. 


12.29. We can now show that the only rational solutions of X3 + 1 = Z? are (X,Y) = 
(—1,0), (0,41) and (2,43). Let (X,Y) be a rational solution, and write 
X =a/b, where b > 0 and gcd(a,b) = 1. Assume in addition that a/b 4 —1, 
0 or 2, and set c= a+b. Our goal is to derive a contradiction. 


(a) Show that b(a? + b*) = be(c? — 3bc + 3b”) is a perfect square and that b 
and c are relatively prime, positive, and unequal. 


(b) It follows from Exercise 12.28 that 3 | c. Then c = 3d and 3{b. Show 
that bd(b? — 3bd + 3d”) is a perfect square, and use Exercise 12.28 to 
show that b = d. This implies b = d = 1, and hence c = 3. Then a/b = 2, 
which contradicts our initial assumption. 


12.30. If K and K’ are imaginary quadratic fields and j(Ox) = j(Ox:), then prove 
that K = K’. Hint: use Theorem 10.9. 


12.31. It turns out that Ramanujan could have proved the formula 


¥2+14+V2V2-1 
J2 


used in Weber’s computation of j(\/—14). In his notebooks, Ramanujan used 


fi(v—14) = 


f(-a)=][a-), q=e", 
n=1 
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which is related to the Dedekind y-function by f(—q) = g~!/**n(r). Then 
Entry 55 from Chapter 25 of Berndt [A2, p. 209] states that if we define 
2 F(a ed) 


ql? f(—g?)’  ~ a f*(—q"4)’ 


APSO OP (2) 
ro+ >= (2) 85 has 0) ° 


This is one of 23 “P-Q modular equations” given in [A2], which were stated 

by Ramanujan without proof in his notebooks. Full proofs appear in [A2}. 
In this exercise you will show that Weber’s formula for f; (\/— 14)? follows 

from the above P-Q modular equation by setting g = e~" V 2/7. As in the text, 


let a = f,(V/—14)*. 


(a) Prove that P= V/14(2/a) and Q = \/7/2(a/2) when q = e77V7/", and 
conclude that PQ = 7 and Q/P = a*/2. Hint: the formula for 7(—1/7T) 
from Corollary 12.19 will be useful. 


then 


(b) Use Ramanujan’s P-Q modular equation to derive Weber’s formula for 
a = f,(/—14)?. Hint: use the modular equation to find a cubic equation 
with 8 = a? /2+2/a? as root. Factoring this cubic will give a quadratic 
equation satisfied by (. 


This exercise is due to Heng Huat Chan. 
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Now that we have discussed singular j-invariants and computed some examples, it 
is time to turn our attention to their minimal polynomials. Given an order © in an 
imaginary quadratic field K, Ho(X) will denote the monic minimal polynomial of 
J(O) over Q. Note that Ho(X) has integer coefficients since j(O) is an algebraic 
integer. The equation Ho(X) = 0 is called the class equation, and by abuse of termi- 
nology we will refer to Ho(X) as the class equation. Since O is uniquely determined 
by its discriminant D, we will often write Hp(X) instead of Ho(X). 

For an example of a class equation, consider the order Z[\/—14] of discriminant 
—56. It’s j-invariant is j(./—14), which we computed in (12.1). Thus the minimal 
polynomial of j(/—14) is 


H_56(X) = X* — 28. 19-937 -3559X? + 2'3 . 251421776987 X” 


(13.1) 
+2%.3.11°-19-21323X + (28. 117-17-41)3, 


where the coefficients have been factored into primes. Note that the constant term, 
being the norm of j(/—14) = 72(/—14)?, is a cube by Theorem 12.2. 
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The first part of §13 will describe an algorithm for computing the class equation 
Hp(X) for any discriminant D. We have a special reason to be interested in this 
question, for by Theorem 9.2, the polynomial H_,,(X) gives us the criterion for 
when a prime is of the form x? + ny”. Thus our algorithm will provide a constructive 
version of Theorem 9.2. In the second part of §13, we will discuss work of Deuring, 
Gross and Zagier on the class equation. We will see that there are strong restrictions 
on primes dividing the discriminant and constant term of the class equation. The 
small size of the primes appearing in the constant term of (13.1) is thus no accident. 


A. Computing the Class Equation 
We will begin by giving a more precise description of the class equation: 


Proposition 13.2. Let O be an order in an imaginary quadratic field K, and let a, 
i=1,...,h, be ideal class representatives (so that h is the class number). Then the 
class equation is given by the formula 


h 
Ho(X) = [ (x - j(ai)). 
i=] 


Proof. This result is an easy consequence of Corollary 11.37 (see Exercise 13.1), but 
there is a more elementary argument which we will now give. 

By Theorem 11.1, K(j(Q)) is the ring class field of O. Thus [K(j(O)) : K] =, 
and since j(Q) is real, it follows that [Q(j(O) : Q] =h. This shows that Ho(X) has 
degree h. Now let a be a root of Ho(X), and let o be an automorphism of C that 
takes j(O) to a. In the proof of Theorem 10.23 we showed that o(j(O)) = j(a) for 
some proper fractional O-ideal a (see (10.26)). Hence every root of Ho(X) is also 
a root of igen (X — j(a;)), and since both polynomials are monic of degree h, they 
must be equal. Q.E.D. 


An important consequence of this proposition is that Ho(X) is the minimal poly- 
nomial of j(a), where a is any proper fractional O-ideal. 

The algorithm we will present for computing Ho(X) uses the theory of complex 
multiplication, and in particular, the polynomial ®,,(X,X) obtained by setting X = Y 
in the modular equation plays an important role. The reason for this is the following 
observation: 


Lemma 13.3. Let m> 1. If O has a primitive element of norm m, then the class 
equation Ho(X) is an irreducible factor of ®,(X,X). Furthermore, every irre- 
ducible factor of ®,,(X ,X) arises in this way. 


Proof. Let a € O be a primitive element of norm m. Corollary 11.27 tells us that 
aO C Ois acyclic sublattice of index m, and it follows that 


0 = On(j(2O), ((O)) = On(i(O), H(O)). 


Thus j(O) is a root of ®,,(X,X), which implies that its minimal polynomial Ho(X) 
is a factor of ®,,(X,X). 
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To show that every irreducible factor of ©,,(X,X) is a class equation, suppose 
that ,,(8, 2) =0. Then Theorem 11.23 implies that 6 = j(L) = j(L’), where L’ cL 
is a cyclic sublattice of index m. By Theorem 10.9, L’ = aL for some complex 
number a, and then a is primitive of norm m by Corollary 11.27. Thus a ¢ Z, 
so that L has complex multiplication by a. By Theorem 10.14, this means that up 
to homothety, L is a proper fractional O-ideal for some order O in an imaginary 
quadratic field. Then 8 = j(L) has Ho(X) as its minimal polynomial, and hence 
Ho(X) is the corresponding irreducible factor of ®,(X ,X). QED. 


Our next task is to determine what power of Ho(X) appears in the factorization 
of ®,,(X,X). The answer involves the number r(O,m), which is defined as follows. 
Given an order © in an imaginary quadratic field and a positive integer m, set 


r(O,m) = |{a € O: ais primitive, N(a) = m}/O*|, 


where the units O* act by sending a to ea for € € O*. It is easy to see that r(O,m) 
is finite, and for a given m, there are only finitely many orders with r(O,m) > 0 (see 
Exercise 13.2). Then the following theorem tells us how to factor ®,,(X ,X): 


Theorem 13.4. [fm > 1, there is a constant Cm € C* such that 


}n(X,X) = Cm] [Ho(xX)O. 
fe) 
Proof. Fix an order O, and pick a number 7 in the upper half plane such that 
O = [1,79]. To prove the theorem, it suffices to show that j/(O) = j(79) is a root 
of ®,,(X,X) of multiplicity r(O,m). 
We begin by studying the multiplicity of j(7)) as a root of ®,,(X, j(7o)). Using 
the standard factorization 


$(X, im) = [] &-ilon)), 


o€C(m) 
we see that 
®,,(X, j(7)) =(X— i(m))’ [] %-<slor)), 
i(a70)#i(70) 
where 
(13.5) r=|{o €C(m) : j(a7) = j(70)} |. 


Thus j(7o) is a root of multiplicity r of ®,,(X, j(70)). 

We will next show that the number r of (13.5) is the multiplicity of j(79) as a root 
of ®,,(X,X). To see what’s involved, suppose that we have a polynomial F (X,Y) and 
a number Xo such that F (Xo, Xo) =0. Then Xp is a root of both F(X ,X) and F(X,Xo), 
but in general, the multiplicities of these roots are different (see Exercise 13.3 for 
an example). So it will take a special argument to show that j(7>) has the same 
multiplicity for both ®,,(X,X) and ©®,,(X, j(7)). The basic idea is to show that 


lim Slee 
u-+j(t) Om (u, j(T0)) 
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is nonzero, which will force the multiplicities to be equal (see Exercise 13.3). To 
study this limit, note that 


On(uju) lim Om(i(T), I(T) 


en) Bul, j(7)) 7 BuCi(T), f(t) 
ale i(r) - jlor) 
= tin, IT ie=iten)" 


It suffices to compute the limit of each factor individually. Note that if j(7) 4 
j(o79), then the limit of the corresponding factor is 1. Hence we need to study the 
limit 

pergy Lea a2 
710 j(T) — j(o70) 
when o € C(m) satisfies j(7)) = j(o70). 

The equality j(7) = j(o79) implies that there is some y € SL(2,Z) such that 

oT = YT. If we set’ = y~'a, then & fixes 7). Note also that det(a) = m and that 
the entries of & are relatively prime. Using G, the limit (13.6) can be written 


(13.6) 


kim i) H67) 
tr j(T) — j(70) | 
Consider the Taylor expansion of j(7) about 7 = 7: 
(7) = (to) tax(r—to) +++, ae #0. 
Substituting o7 for T, we get the series 
(G7) = jt) +ak(Gr — )F + °°, 
and then one computes that 


i(t)— (GT) _ ax((r — 7) — (67 — 7) +--+ 


(tT) ~ i(t) a(t — To)K ++ 
Soi (==) 
T—T0 
Since ¥ 
oT — OT-G%] ., 


1 
LT: T= 19 T+ T—TO 


it follows that the limit (13.6) equals 1 — G'(79)*, and thus we need to prove that 
(13.7) &' (7) #1, 


where k is the order of vanishing of j(7) — j(1) at To. 
If we write ¢ = (24), then an easy computation shows that 
a" (7) = 


plate 
(ct +d)? : 
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Note also that c 4 0 since G fixes 7 (see Exercise 13.4). Now suppose that j(7) 40 
or 1728. Then, by part (iv) of Theorem 11.2, it follows that k = 1, so that (13.7) 
reduces to 


1, 
Gage +d) 7 
which is obvious since c # 0 and 7 is not a real number. When j(7)) = 1728, we 
can assume that 7 = i (recall that j(i) = 1728), and then Theorem 11.2 tells us that 
k = 2. Thus if (13.7) failed to hold, we would have 


m2 


oe Si 
(cit+d)* 


which implies that c = +./m and d = 0 (see Exercise 13.4). Then G(i) = i tells us 
that a = 0 and b = +,/m. So either & doesn’t have integer entries (when m is not a 
perfect square), or the entries are integers with a common divisor (since m > 1). Both 
cases contradict what we know about G, so that (13.7) holds when j(7)) = 1728. The 
case when j(79) = 0 is similar and is left to the reader (see Exercise 13.4). 

We should mention that the standard treatment of (13.6) in the literature (see 
Deuring [24, §12] or Lang [73, Appendix to §10]) seems to be incomplete. 

We have thus shown that the multiplicity of j(7)) as a root of ®,,(X,X) is 


r=|{o €C(m) : j(o7) = (70) } 1, 
and it remains to show that r = r(O,m), where 
r(O,m) = |{a€ O: ais primitive, N(a@) = m}/O*|. 


To prove the desired equality, we will construct a map a++ 0. Namely, if a € O is 
primitive of norm m, then by Corollary 11.27, a0 is a cyclic sublattice of O of index 


m, and since O = [1,79], Lemma 11.24 implies that there is a unique ¢ = (45) € 


C(m) such that @O = d[i,o79]. Then o satisfies j(07)) = j(79), and note also that 
if e € O*, then ea maps to the same o that a does. Thus we have constructed a 
well-defined map 


{a € O: ais primitive and N(a) = m}/O* — {0 €C(m): j(o7) = j(70)}. 


This map is easily seen to be bijective (see Exercise 13.5), which proves that r = 
r(O,m). This completes the proof of Theorem 13.4. Q.E.D. 


Besides knowing the factorization of ®,,(X ,X), its degree is easy to compute: 


Proposition 13.8. [fm > 1, then the degree of ®m(X,X) is 
2 y sella mia *BeHa ,m/a))+4(/m), 
a> /m 


where ¢ is the Euler $-function and $(,/m) = 0 when m is not a perfect square. 
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Proof. The proof of this proposition is given in Exercise 13.6. Q.E.D. 


If we write r(O,m) as r(D,m), where D is the discriminant of O, then Proposi- 
tion 13.8 and Theorem 13.4 allow us to express the degree of ®,,(X ,X) in two ways. 
This gives us the following corollary, which is one of Kronecker’s class number re- 
lations: 


Corollary 13.9. [fm > 1, then 


a 
2pm) =2 2 sede, may P88 (arm/a)) + o(/m). QED. 
a>/m 
To illustrate the above theorems, let’s study the case m = 3. There are only 
four orders with primitive elements of norm 3, namely Z[{w], Z[/—3], Z[/—2] and 
Z|(1+V—11)/2], and the corresponding r(D,3)’s are 1, 1, 2 and 2 respectively (see 
Exercise 13.7). Then Theorem 13.4 tells us that 


(13.10) }3(X,X) = +H_3(X)H_12(X)H_8(X)°An(X)’, 


and since ®3(X,X) has degree 6 by Proposition 13.8, we get the following class 
number relation: 
6 = h(—3) + h(—12) + 2h(—8) + 2h(—11). 


This equation implies that all four class numbers must be one. 
We can work out (13.10) more explicitly, for we know ©3(X,Y) from (11.22). 
Setting X = Y gives us 


3(X,X) =—X° +4464 X° + 2585778176 X* + 17800519680000 X? 
— 769939996672000000 X” + 3710851743744000000000, 


and factoring this over Q, we obtain 
3(X,X) = —X(X — 54000)(X — 8000)?(X + 32768)’. 


In §§10 and 12, we computed the j-invariants j((1+/—3)/2) =0, j(/—2) = 8000 
and j((1+ V—11)/2) = —32768. Thus we recognize three of the above four factors, 
and it follows that the fourth must be H_2(X), ie., 


H_\2(X) =X — j(V—3) = X — 54000. 


This proves that j(,/—3) = 54000. 

Let’s now turn to the general problem of computing a given class equation Hp(X). 
Since ®,,(X,X) will have many factors, we need to know which one is the particu- 
lar Hp(X) we’re interested in. The basic idea is to use multiplicities to distinguish 
the factors we seek. In particular, the factors of multiplicity one play an especially 
important role. Let’s define the polynomial 


@mi(X,X)= J] p(X). 
r(D,m)=1 
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By Theorem 13.4, we know that ®,, 1(X,X) is the product of the multiplicity one 
factors of ®,,(X,X). We can describe ®,, ;(X,X) as follows: 


Proposition 13.11. [fm > 1, then ®,\(X,X) equals 


H_4(X)H_3(X) ifm=2 
H_m(X)H_am(X) ifm =3 mod 4 and mF 3k, k > 1 
H_4n(X) ifm > 2, m#3 mod 4 orm=3k,k>1. 


Proof. Let’s first show that the Hp(X)’s listed above are factors of multiplicity one 
of ®,,(X,X). Since +,/—m are the only primitive norm m elements of Z[,/—m], 
it follows that H_4,,(X) is a factor of multiplicity 1. When m = 2, the elements of 
norm 2 in Z[i] are +1 +i, which are all associate under Z|i]*. Thus H_4(X) is also a 
factor of multiplicity one. Finally, when m = 3 mod 4 and m # 3k’, k > 1, we need 
to consider the multiplicity of H_,(X). The order Z[(1 + ./—m)/2] has at least two 
primitive norm m elements, namely +./—m. To see if there are any others, suppose 
that a+ b(1 + ./—m)/2 is also primitive of norm m. Then b ¥ 0 and, taking norms, 


4m = (2a +b)? + mb’. 


Thus b = +1 or £2, and b = +2 leads to the solutions we already know. So what 
happens if b = +1? This clearly implies 3m = (2a + b)*, so that m = 3k’, and since 
k > 1 is excluded by hypothesis, we see that m = 3. Here, b = +1 leads to 4 more 
solutions, but since |Z[¢,|*| = 6, we still get a multiplicity one factor. 

The next step is to show that these are the only factors of multiplicity one. So 
suppose that r(O,m) = 1 for some order O. For simplicity, let’s also assume that 
O* = {+1}. Given a € O primitive of norm m, note that ta and +@ are also 
primitive of the same norm. Then r(O,m) = 1 implies that @ = ta. But @ = a is 
easily seen to be impossible (a is primitive and m > 1), so that @ = —a. This means 
that @ is a rational multiple of VD, where D is the discriminant of O. The argument 
now breaks up into two cases. 

If D=0 mod 4, then O = [1, /D/2], so that a, being primitive, must be +,/D/2. 
This implies that m = N(a) = —D/4, hence D = —4m. The corresponding factor is 
thus H_4m(X), which is one of the ones we know. 

If D = 1 mod 4, then O = [1,(1+ VD)/2], so that a =a+b(1+VD)/2. Since 
a is a multiple of V/D, we have 2a + b = 0, and since a and b are relatively prime (a 
is primitive), we have b = +2. This means that a = +VD, so that m= N(a) = —D. 
Thus D = —m, and this will be the other case we know once we prove that m 4 3k’, 
k > 1. So suppose that m has this form. Then D = —3k’, which means that © is the 
order of conductor k in Z[¢,]. One easily computes that --k./—3 and +k(1 —¢,) are 
primitive elements of © of norm 3k? = m. Since we are assuming O* = {+1}, this 
contradicts our assumption that r(O,m) = 1. 

It remains to consider the case when O* 4 {+1}. We leave it to the reader to 
check that when O = Z[¢,] (resp. O = Z[i]), r(O,m) = 1 implies that m = 3 (resp. 
m = 2) (see Exercise 13.8). This completes the proof of Proposition 13.11. Q.E.D. 
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It is now fairly easy to compute Hp(X) using the ®,,(X,X)’s. In the discussion 
that follows, m will denote a positive integer, and for simplicity we will assume 
m > 3. It turns out that there are three cases to consider. 

If m 43 mod 4 orm= 3k2, then Proposition 13.11 tells us that 


H_am(X) = ®mi(X,X), 


so that once we factor ®,,(X ,X) into irreducibles, we know H_4,(X). 
Next, if m = 3 mod 8 andm # 3k?, then Proposition 13.11 tells us that 


(13.12) H_m(X)H—am(X) = ®m,1(X,X). 


But since m > 3 and m = 3 mod 8, it follows from Corollary 7.28 that h(—4m) = 
3h(—m), so that H_4,(X) has greater degree than H_,,(X). It follows that factoring 
®,(X,X) determines both H_m(X) and H_am(X). 

Finally, if m= 7 mod 8, then (13.12) still holds, but this time more work is needed 
since H_»(X) and H_4n(X) have the same degree by Corollary 7.28. We claim that 


(13.13) H_m(X) = gced(®m,1(X,X), Bom4iy/a(X,X)). 


To see this, first note that H_»(X) divides ®(,,4 1)/4(X,X) since in the order of dis- 
criminant —m, (1 + ./—m)/2 is primitive of norm (m+ 1)/4. If we turn to the order 
of discriminant —4m, there are no primitive elements of norm (m-+ 1)/4 (see Exer- 
cise 13.9), and (13.13) follows. Thus, to determine H_,(X) and H_4m(X), we need 
to factor both ®,,(X,X) and (,,41)/4(X,X) into irreducibles. 

Using the above process, it is now easy to compute any Hp(X), assuming that 
we know the requisite modular equation (or equations). Some simple examples are 
given in Exercise 13.10. 


B. Computing the Modular Equation 


To complete our algorithm for finding the class equation, we need to know how to 
compute the modular equation ®,,(X,Y) = 0. This turns out to be the weak link in 
our theory, for while such an algorithm exists, it is so cumbersome that it can be 
implemented only for very small m. 

The first step in computing ©,,(X,¥) is to reduce to the case when m is prime. 
This is done by means of the following proposition: 


Proposition 13.14. Let m > 1 be an integer, and set VU(m) =m it Pme +1/p), which 
is the degree of ®,(X,Y) as a polynomial in X. 
(i) [fm = mm2, where m, and mz are relatively prime, then 


U(m2) 


Gn(X,Y)= [] On, (X,&), 


i=l 


where X = &; are the roots of Bm,(X,Y) = 0. 
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(ii) [fm = p*, where p is prime and a > 1, then 


Te), (X, 6) 


a>2 
® n-2(X, VY )P 
Barney Se) 
Ti Sp (X,&) = 
“Gay a= 
where X = &; are the roots of ®y-1(X,Y) =0. 
Proof. See Weber [102, §69]. Q.E.D. 


Now let p be a prime. To compute ®,(X,Y), we will follow Kaltofen and Yui 
{66] and Yui [110]. First note that by parts (iii) and (v) of Theorem 11.18, we have 


&,(X,Y)=,(Y,X), (X,Y) =(X? —¥)(X —Y”) mod pZ[X,¥], 


and we also know that ®,(X,Y) is monic of degree ¥(p) = p+ 1 as a polynomial in 
X. Thus we can write ®,(X, Y) in the following form: 


(13.15) (XP -Y)(X—¥?) +p D> cuX'¥'+p D> ci(X'¥/+X/¥'), 
O0<i<p O<i<j<p 


where the coefficients c;;’s are integers. We will use the g-expansion of the j-function 
to obtain a finite system of equations that can be solved uniquely for the c;;’s. 
By the definition of the modular equation, we have the identity 


®,(j(PT), i(7)) = 


Substituting the g-expansions for j(7) and j(pT) into this equation and using (13.15), 
we obtain 


0 = (j(pT)? — i(7))(i(pr) — i(7)?) 


(12:19) +P >> cui(pry ir) +p D> cyj(i(pr) ir) + (pr) i(7)').- 
O<i<p OSi<j<p 


If we equate the coefficients of the different powers of g, then we get an infinite 
number of linear equations in the variables c;;. We can reduce to a finite number of 
equations as follows: 


Proposition 13.17. The finite system of linear equations obtained by equating co- 
efficients of nonpositive powers of q in (13.16) has a unique solution given by the 
coefficients c;; of the modular equation. 


Proof. Since the modular equation provides one solution, it suffices to prove unique- 
ness. Using (13.15), a solution of these equations gives a polynomial F(X,Y) with 
the following three properties: 
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(i) F(X,Y) is monic of degree p+ 1 in X. 
(ii) F(X,Y) =F(Y,X). 
(iii) limim(r)—+00 F (j(PT), (7) = 0. 


To explain the last property, note that the g-expansion of F(j(pr), j(7)) contains no 
nonpositive powers of g since F (X,Y) comes from a solution of our finite system of 
equations. Since g > 0 as Im(r) — oo, (iii) follows. 

We claim these properties force F(X,Y) = ®,(X,Y), which will prove unique- 
ness. The idea is to study F(j(pr), j(7)), which is a modular function for [o(p). 
We will first show that F(j(pr), j(7)) vanishes at the cusps, which means that 


(13.18) lim F(j(pyr), j(yr)) =0 for all y € SL(2,Z). 


Im(7)—00 
Using (11.12), this is equivalent to showing 


lim F(j(or),j(r)) =0 for all o € C(p). 


Im(t)— 00 


When o = (2°), we're done by (iii), and when o # (2 ?)» @ must be of the form 
(6 >) Since p is prime. If we set u = or = (7 +i)/p, then rT = pu —i, and 


lim F(j(o7),i(7)) = lim FGi(u), (pu i) 


Im(7)~900 Im(r)—+00 
= lim F(j(u), j(pu)) 


Im(u)—- 00 
F(j(pu), j(u)) =9, 


= lim 
Im(u)—+00 
where we used (ii) and (iii) above. This proves (13.18). 

Thus F(j(pr), j(7)) is a holomorphic modular function for '9(p) which van- 
ishes at the cusps. For modular functions for SL(2,Z), we proved in Lemma 11.10 
that such a function is zero, and the proof extends easily to the case of T'o(p) (see 
Exercise 13.11). This shows that F(j(pr),j(7)) = 0, so that j(pr) is a root of 
F(X, j(r)) and ®,(X, j(r)). Since the latter is irreducible over C(j(r)), it must di- 
vide F(X,J(7)) Both F(X,Y) and ®,(X,Y) are monic of the same degree, and hence 
they must be equal. Q.E.D. 


Looking at the g-expansions for j(7) and j(p7r), the most negative power of g in 
(13.16) is qe , and it follows that the system of equations described in Proposi- 
tion 13.17 has p? + p+ 1 equations in the (p? +3p+2)/2 unknowns c;;. With some 
cleverness, one can reduce to p* + p equations in (p* + 3p)/2 unknowns (see Yui 
{110]). These equations have been written down explicitly by Yui {110}, though the 
resulting expressions are extremely complicated. For a discussion of the computa- 
tional aspects of these equations, see Kaltofen and Yui [66]. 

We are not quite done, for our equations for ©,(X, Y) involve the g-expansions of 
j(r) and j(pr). Hence we need to calculate those coefficients of the g-expansions 
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which contribute to negative powers of q in (13.16). It suffices to do this for j(r), 


and because the most negative power of qg in (13.16) is q iP -P , we need only the first 
p* + p coefficients of the g-expansion of the j-function. In §12 we found some nice 
formulas for 


“\ g2(T)? 
J(r) = 1728 A(t)” 


but to get the g-expansion, we need series expansions of the numerator and denomi- 
nator. For go(T), we use the classical formula 


gor) = CAD (1-240 ost ‘). 


where o3(n) = Dane (see Lang [73, §4.1] or Serre [88, §VII.4.2]), and for A(r), 
we know from Theorem 12.17 that 


A(r) = ena] Te — 4" 


This is still not a series, but if we use Euler’s famous identity 


oo CO 


Ta -q')= >a qhentie 


n=1 n=—0o 


(see Hardy and Wright (48, §19.9]), then it becomes straightforward to write a pro- 
gram to compute the g-expansion of j(7). A description of how to do this is in Her- 
mann [53] (he also gives an alternate approach to calculating the modular equation), 
and one finds that the first few terms of the g-expansion are 


1 
i(r) = +744 + 196884 q + 21493760q + 864299970q° 
+ 20245856256 q* + 333202640600q°+-:-. 


These formulas also give a second proof that the g-expansion of j(7) has integer 
coefficients (see Exercise 13.12). 

The conclusion of this rather long discussion is that for any integer m > 0, we 
can compute ®,,(X,Y), which then gives us ®,,(X,X) by setting X = Y. There are 
known algorithms for factoring ©,,(X,X) into irreducibles, and then the discussion 
following Proposition 13.11 shows how to compute Ho(X). We have thus proved 
the following theorem: 


Theorem 13.19. Given an order O in an imaginary quadratic field, there is an 
algorithm for computing the class equation Ho(X). Q.E.D. 


The problem with this theorem is that our algorithm for computing He(X) re- 
quires knowing ©,,(X,Y). Modular equations are extremely complicated polyno- 
mials and are difficult to compute. We saw in (11.22) that ®3(X,Y) is very large, 
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and things get worse as m increases. For example, the printout of ®,,;(X,Y) takes 
over two single-spaced pages, and some of the coefficients have over 120 digits (see 
Kaltofen and Yui [66]). In general, Cohen [18] proved that the maximum of the 
absolute values of the coefficients of ®,,(X,Y) is asymptotic to exp(6V(m)log(m)), 
where Y(m) = m[J,,,,(1 + 1/p), so that the growth is exponential in m. Hence the 
above algorithm is not a practical way to compute class equations. 

A more efficient approach to computing Hp(X) has been developed by Kaltofen 
and Yui [65]. The basic idea is to compute Hp(X) directly from the formula 


h 


Hp(X) = I[« — j(ai)). 


i=] 


We know how to find the h = h(D) reduced forms of discriminant D, and then the 
a;’s can be taken to be the proper O-ideals corresponding to the reduced forms via 
Theorem 7.7. Since Hp(X) has integral coefficients, we need only compute j(a;) 
numerically to a sufficiently high degree of precision, and the formulas for j(7) 
given in §12 are ideal for this purpose. For an example of how this works, consider 
the case of discriminant D = —71. Here, the class number is h(—71) = 7, and the 
above process shows that the minimal polynomial of j((1 + /—71)/2) is 


H_7\(X) =X1+5-7-31- 127-233-9769 x°® 
—2-5-7-44171287694351X°> 
+2-3-7-2342715209763043 144031 X4 

(13.20) —3-7-31- 1265029590537220860166039 X? 
+2-7-11°-67-229- 1797402619247 1785192633 X* 
—7-11°- 17° - 1420913330979618293X 
+ (113-17?-23-41-47-53)>. 

(This example was taken from the preliminary version of [65]—all primes < 1000 

were factored out of the coefficients.) Note that the constant term is a cube, as 

predicted by Theorem 12.2. 

We can apply the algorithm of Theorem 13.19 to give a constructive version of 


Theorem 9.2, but before we do this, we need to learn about the work of Deuring, 
Gross and Zagier on the class equation. 


C. Theorems of Deuring, Gross and Zagier 


In 1946 Deuring [25] proved a remarkable result concerning prime divisors of the 
difference of two singular moduli. To state Deuring’s theorem precisely, let O, and 
O, be orders in imaginary quadratic fields K; and K2 respectively, and for i = 1, 2, 
let a; be a proper fractional O;-ideal. Then we have: 
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Theorem 13.21. Let L be a number field containing j(a,) and j(a), and let be a 
prime of L lying over the prime number p. When K, = K2, assume in addition that p 
divides neither of the conductors of O, and O>. If j{a,) # j(a2), then 


p splits completely 


i(a1) = j(a2) mod B => e neither K, nor Kp. 


Proof. The proof uses reduction theory of elliptic curves. See Deuring [25] or Lang 
(73, §13.4]. Q.E.D. 


We can use this theorem to study the constant term and discriminant of the class 
equation: 


Corollary 13.22. Let D < 0 be a discriminant, and let p be prime. 


(i) If p divides the constant term of Hp(X) and Q(VD) 4 Q(/—3), then either 
p=3or p=2 mod 3, and (D/p) £1. 


(ii) If p divides the discriminant of Hp(X), then (D/p) # 1. 


Proof. Let a1,...,@n, h = h(D), be ideal class representatives for the order of dis- 
criminant D. To prove (i), note that the constant term of the class equation is 


h 
C=+][i(a)). 
i=l 


If p | C, then in some number field L, there is a prime 8 containing p that divides 
some j(a;). Since 


i(a:) = j(ai) — 0 = j(ai) — j(1 + V—3)/2), 


we know by Theorem 13.21 that p splits in neither Q(V/D) nor Q(/—3), and (i) 
follows immediately. 
To prove (ii), note that the discriminant of Hp(X) is 


disc(Hp(X)) = [J (s(ai) — i(a,))”- 


i<j 


Thus, if p | disc(Hp(X)), then some lying over p divides some j(a;) — j(a;). If 
p{D, then Theorem 13.21 implies that p doesn’t split in Q(/D), and (D/p) = —1 
follows. If p | D, then (D/p) = 0, so that (D/p) # 1 in either case. Q.E.D. 


One of our original motivations for studying complex multiplication came from 
the question of when a prime can be written in the form x? + ny’. Using the class 
equation, we can now prove a constructive version of the main result of this book, 
Theorem 9.2: 
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Theorem 13.23. Let n be a positive integer. Then there is a monic irreducible poly- 
nomial f,(X ) of degree h(—4n) such that for an odd prime p not dividing n, 


2 Bae (—n/p) = 1 and f,(X) =0 mod p 
Be ey Soe { has an integer solution. 


Furthermore, there is an algorithm for finding f,(X). 


Proof. The order of discriminant —4n is O = [1,,/—nl, so that by Theorem 11.1, 
j(\/—n) is a real algebraic integer and is a primitive element of the ring class field 
of O. Since H_4,(X) is the minimal polynomial of j(./—n), we can set f,(X) = 
H_4n(X) in Theorem 9.2, and then the desired equivalence holds for primes dividing 
neither —4n nor the discriminant of H_4,(X). But when a prime divides the discrim- 
inant, Corollary 13.22 tells us that (—4n/p) 4 1. Since both sides of the desired 
equivalence imply (—n/p) = 1, the discriminant condition is superfluous. Finally, 
by Theorem 13.19, there is an algorithm for finding H_4,(X), and the theorem is 
proved. Q.E.D. 


From a computational point of view, this result is not ideal. The polynomi- 
als H_4,(X) are difficult to compute, and as indicated by H_s56(X) and H_7;(X) 
(see (13.1) and (13.20)), they are excessively complicated. The real value of Theo- 
rem 13.23 is the way it links the ideas of class field theory and complex multiplication 
to the elementary question of when a prime can be written in the form x? + ny’. 

Deuring’s study of j(a;) — j(a2) prompted the work of Gross and Zagier [46] 
which determines exactly which primes divide such a difference. Their results apply 
only to field discriminants, but one gets very complete information in this case. Let 
d, and d> be the discriminants of imaginary quadratic fields K, and K respectively. 
We will assume that d; and d) are relatively prime. Then set 


1a. (EEL Ue —i6n)"” 


i=) j=] 


where aj,...,,, are ideal class representatives of Ox,, 61,...,6,, are ideal class 
representatives of Ox,, and w; = |Ox, |, w2 = |Ox,|. Note that J(d),d) is an integer 
when d,d2 < —4, and that J(d),d2)* is always an integer (see Exercise 13.13). 

To state Gross and Zagier’s formula for J(d;,d2)?, we will need functions ¢(n) 
and F'(m), which are defined as follows. First, if p is a prime, we set 


_f(di/p)  ifptd 
cio) = 4 ie) if pt dy 


The reader can easily check that this is well-defined whenever (d,d)/p) #4 —1 (see 
Exercise 13.14). Then, if n = []j_, pi’, we set 


e(n) =[] e(p)”, 
i=l 
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where we assume that (d,;d)/p;) #4 —1 for all i. Finally, F(m) is defined by the 


formula 
F(m) = Il ni), 


nn’ =m 
n,n’ >0 


This is well-defined when all primes p dividing m satisfy (d\d2/p) # —1. 
We can now state the main theorem of Gross and Zagier [46]: 


Theorem 13.24. With the above notation, 


dyad) —x* 
Haid, =+ T] ree). 
x <dd> 
x =d\d)mod4 


Proof. First note that F ((d,d2 — x*)/4) is always defined since any prime p dividing 
(d\dz — x”) /4 satisfies (d;d/p) # —1 (see Exercise 13.14). The paper [46] contains 
two proofs of this theorem, one algebraic and one analytic. The algebraic proof, 
which uses reduction theory of elliptic curves, is given only for the case of prime 
discriminants. A general version of this proof appears in Dorman [30]. Q.E.D. 


This theorem gives the following corollary: 
Corollary 13.25. Let p be a prime dividing J(d,d2)*. Then: 
(i) (di/p) #1 and (do/p) #1. 
(ii) p divides a positive integer of the form (d\dz — x”) /4. 
(iii) p < did2/4. 


Proof. If p divides J(d1,d), it must divide some F ((d\d2 —x*)/4), and the formula 
for F(m) then shows that p divides (d,dz — x*)/4. This easily implies parts (ii) and 
(iii) of the corollary. 

It remains to prove part (i). We will first consider the following lemma which tells 
us how to compute F(m): 


Lemma 13.26. Let m be a positive integer of the form (d\d2 —x")/4. Then F(m) =1 
unless m can be written in the form 


m= per pit... pirat! gt, 
where €(p) = €(p1) =--- = €(p,) = —1 and €(q1) = --- = €(qs) = 1. In this case, 


F(m) = patM@rtl-- sth), 


In particular, p | F(m) means that p is the only prime dividing m with an odd expo- 
nent and e(p) = —1. 


Proof. See Exercises 13.15 and 13.16. Q.E.D. 
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We can now complete the proof of Corollary 13.25. The above lemma shows that 
€(p) = —1 for any prime p dividing F(m). It is easy to see that e(p) = —1 implies 
(d,/p) # 1 and (d2/p) # 1 (see Exercise 13.14), and the corollary follows. Q.E.D. 


Note that this corollary implies Deuring’s theorem in the case of relatively prime 
field discriminants. We should also mention that when dd = 1 mod 8, one gets 
better upper bounds on p (see Exercise 13.17). 

If we apply Corollary 13.25 when dz = —3, then we can strengthen Deuring’s 
result about the constant term of the class equation: 


Corollary 13.27. Let dx be the discriminant of an imaginary quadratic field K, 
and assume that 3 { dx. If p is a prime dividing the constant term of Ha,(X), then 
(dx /p) #1 and either p =3 or p =2 mod 3. Furthermore, p < 3\dx|/4. 


Proof. If a, ...,a, are ideal class representatives of Ox, then 


4/3w 
J(dx,—3)° - (IL a; ) ’ 


where w = |Ox|. Thus the primes dividing J(dx,—3)° are the same as the primes 
dividing the constant term of Hz,(X), and we are done by the previous corollary. 
Q.E.D. 


For an example of how good these estimates are, consider H_56(X). We know 
from (13.1) that the constant term is 


(28-117-17-41)°. 


Corollary 13.27 gives us the estimate p < 3| — 56|/4 = 42, which is as good as 
one can get. The reader should also check the constant term of H_7,(X) given in 
(13.20)—the estimate is again as good as possible. Of course, one could use Theo- 
rem 13.24 to compute these constant terms directly (see Exercise 13.18). 

Gross and Zagier also have similar theorems for primes dividing the discrimi- 
nant of the class equation. Rather than give the formula for the multiplicities of the 
primes, we will just state the following corollary of their result: 


Theorem 13.28. Let dx be the discriminant of an imaginary quadratic field K, and 
let p be a prime dividing the discriminant of Ha, (X). Then (dx /p) #1 and p < |dx|- 


Proof. In the case of prime discriminants, this is proved by Gross and Zagier in [46], 
and the general case is in Dorman [29]. Q.E.D. 


This theorem strengthens Deuring’s result about the discriminant of the class 
equation. For an example of the bound p < |dx|, consider H_56(X). One computes 
that its discriminant is 


HOST op [7 2082317237? Al As 472 537, 
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Theorem 13.28 gives the bound p < 56 on the primes that can appear, which again 
is the best possible. 


D. Exercises 


13.1. 
13.2. 


13.3. 


13.4. 


13.5. 


Use Corollary 11.37 to prove Proposition 13.2. 


If O is an order in an imaginary quadratic field and m is a positive integer, 

then we define r(O,m) = |{a € O: ais primitive and N(a) = m}/O*|, where 

O* acts by multiplication. 

(a) Prove that r(O,m) is finite. 

(b) For fixed m, prove that there are only finitely many orders © such that 
r(O,m) > 0. 


Let F(X,Y) € C[X,Y] and suppose that F(Xo,Xo) = 0. Then Xp is a root of 
both F(X ,Xo) and F(X,X). 


(a) If F(X,Y) = X°+Y?+XY, then show that 0 is a root of F(X,0) and 
F(X ,X) of different multiplicities. Note that the polynomial F(X,Y) is 
symmetric. 


(b) If F(X,Y) and Xp satisfy the additional condition that 
F(X,X) 


with F(X,Xo) 


exists and is nonzero, then show that Xp is a root of F(X, Xo) and F(X,X) 
of the same multiplicity. 


This exercise is concerned with the proof of (13.7). Recall that ¢(70) = 70, 
where & = (44) has relatively prime entries and determinant m > 1. 
(a) Prove that c £ 0. 


(b) When j(79) = 1728, we can assume 7 = i. Show that m* = (ci+d)* 
implies c = +,/m and d = 0. Since G(i) = i, conclude that a = 0 and 
b= +,/m, and derive a contradiction. 


(c) When j(79) = 0, argue as in (b) to complete the proof of (13.7). 


Let m > 1, and let O = [1,79] be an order in an imaginary quadratic field. 
Consider the sets 


A= {a € O: ais primitive and N(a) = m}/O* 
B= {a € C(m) : j(o7) = j(7)}- 


In the proof of Theorem 13.4, we showed how an element [a] € A determines 
a unique o € B. Prove that the map [a] +> o defines a bijection AB. 
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13.6. The goal of this exercise is to prove the formula for the degree N of ®,,(X ,X) 
given in Proposition 13.8. 


(a) Prove that g~ is the most negative power of q in the g-expansion of 
®,(J(7), J(7))- 
(b) If o = (44) € C(m), then use (11.19) to show that the q-expansion of 
i(t) — j(or) is 
qv! —Cabg-4/4 4... whena<d 
—Cabg-4/4 4. g-!4... whena>d 
(1—¢@)q71 +--+ whena=d, 


where ¢,, = e2™i/™_ The last possibility can occur only when m is a perfect 
square, and in this case, ¢%” 4 I since o € C(m). 


(c) Given a, we know that d = m/a. In part (a) of Exercise 11.9 we showed 
that the number of possible a € C(m) with this a and d was 


“4(6), 


where e = gcd(a,d). Use this formula and (b) to show that the degree N 
of ®,,(X,X) equals 


> “#le) + % << 6(e)+4(vm). 


a<VJ/m a>J/m 


(d) Show that the first two sums in the above expression are equal. This 
proves the formula for N given in Proposition 13.8. 


13.7. This exercise is concerned with some examples of Theorem 13.4. 


(a) Verify that r(—3,3) =r(—12,3) =1, r(—8,3) =r(—11,3) =2, and also 
show that r(D,3) = 0 for all other discriminants. This proves that 


@3(X,X) = +H_3(X)H_12(X)H_9(X)?H_11(X)’. 
(b) Use the method of (a) to write down the factorization of ®5(X,X). 


13.8. The proof of Proposition 13.11 requires the following facts about the orders 
of discriminant —3 and —4 (Z[w] and Z[i] respectively). 
(a) If m > 1, show that r(—3,m) = 1 if and only if m = 3. 
(b) If m > 1, show that r(—4,m) = 1 if and only if m = 2. 


13.9. Let m = 3 mod 4 be an integer > 3. Show that the order Z[./—m] of discrim- 
inant —4m has no primitive elements of norm (m+ 1)/4. 
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13.10. In this exercise we will illustrate the algorithm given in the text for computing 


13.11. 


13.12. 


13.13. 


13.14. 


13.15. 


Hp(X). 

(a) Show that H_56(X) is determined by knowing ®14(X,X). 

(b) Show that H_;;(X) and H_44(X) are determined by knowing ®1;(X,X). 

(c) Show that H_7(X) and H_23(X) are determined by knowing ®7(X ,X) 
and ®2(X,X). 


Let f(7) be a modular function for [9(m) which vanishes at the cusps. 


(a) If y;, i=1,...,|C(m)|, are coset representatives for '9(m) C SL(2,Z), 


then show that 
|C(m)| 


II f(viT) 


is a modular function for SL(2,Z) which vanishes at infinity. 


(b) If in addition (7) is holomorphic on h, then show that f(r) is identically 
zero. Hint: use (a) and Lemma 11.10. 


Use the formulas 


g(r) = Cry" O (14240 oan ) 


n=1 
i a -q’"" 
n=) 


to show that the coefficients of the g-expansion of j(7) are integral. This is 
the classical method used to prove Theorem 11.8. 


Let J(d,,d2) be as defined in the text. 


(a) If d;, d, < —4, then show that J(d,d2) is an integer. Hint: use Galois 
theory. 

(b) Show that J(d),d2)? is always an integer. Hint: when d; or d2 is —3, 
recall that j((1 + /—3)/2) =0. Theorem 12.2 will be useful. 

Let e(m) and F (n) be as defined in the text, and let p be a prime number. 


(a) Show that e(p) is defined whenever (d,d2/p) 4 — 


(b) Assume that p divides a number of the form (d\d2 — x*)/4. Then prove 
that (d\d2/p) # — 


(c) Show that e(p) = —1 implies that (d,/p) 4 1 and (d2/p) # 1. 
Exercises 13.15 and 13.16 will prove Lemma 13.26. In this exercise we 


will show that any positive integer of the form m = (d,d2 —x”)/4 satisfies 
e(m) = —1. We will need the following extension of the Legendre symbol. 
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13.16. 
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Let D=0, 1 mod 4, and let y : (Z/DZ)* — {+1} be the homomorphism from 
Lemma 1.14 (so that y([p]) = (D/p) when p is a prime not dividing D). Then 
for any integer m relatively prime to D, set 


(2) =x(bm). 


(a) Show that (D/m) is multiplicative in D and m and depends only on the 
congrunce class of m modulo D. Also, when m = pt' --- p% is positive, 


( ) ¢ ) 
i=] i 


where (D/p;) is the usual Kronecker symbol. Thus, when m is odd and 
positive, (D/m) is just the Jacobi symbol. Finally, show that (D/—1) = 
sgn(D). Hint: see Lemma 1.14. 


(b 


ma 


We will need the following limited version of quadratic reciprocity for 

(D/m). Namely, if D = 1 mod 4 is relatively prime to m = 0,1 mod 4, 

then prove that (D/m) = (m/|D|). Furthermore, if D and m have opposite 

signs, then prove that (D/m) = (m/D). 

(c) Let m be a positive integer such that ¢(m) is defined. If m is relatively 
prime to dj, then show that e(m) = (d/m). 

(d) Now we can prove that e(m) = —1 when m = (d;d2 — x*)/4. We can 

assume d; = 1 mod 4, and write m = ab, where a | d,, a= 1 mod 4 and 

gcd(d|,b) = 1. Then d, = ad, where d = 1 mod 4. 

(i) Show that e(m) = (d2/a)(d\/b). 

(ii) Show that (d,/b) = (a/d2)(d/—1). Hint: first note that (d)/b) = 
(d,/4b) = (a/4b)(d/4b). Use 4ab = did) — x2 to show that 4b = 
ddz mod a (remember that a has no square factors) and then apply 
quadratic reciprocity to (a/d) (remember that a and d have opposite 


signs). 
(iii) Use quadratic reciprocity to prove that €(m) = —1. Hint: remember 
that d, < 0. 
Let m be a positive integer such that e(m) = —1. The goal of this exercise is 


to compute F(m). We will use the function s(m) defined by 


s(m) = 33 e(n). 


n\|m 
n>0 


Note that s() is defined whenever €(m) is. Given a prime p, let v(m) be the 
highest power of p dividing m. 


(a) If m, and mz are relatively prime integers such that €(m,) and e(mp2) are 
defined, then prove that 


F(mm2) = F(m 8") F (m2), 
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(b) Suppose that m = py' -+ peg?! .-.g’s, where e(p;) = —1 and €(q;) = 1 
for all i. Prove that 


(y= 0 some a; is odd 
ee, Th-1(2+ 1) all a;’s are even. 


(c) If e(m) = —1, show that there is at least one prime p with e(p) = —1 and 
Vp(m) odd. Conclude that s(m) = 0. 


(d) Suppose that e(m) = —1, and that m is divisible by two primes p and q 
with e(p) = e(q) = —1 and v,(m) and v,(m) odd. Prove that F(m) = 1. 
Hint: write m = p2¢+!q?+!m’, and use (a)-(c). 

(e) Finally, suppose that m is divisible by a unique prime p with e(p) = 1 and 
v»(m) odd. Then m can be written m = p**t! pt... p%q?! ---q, where 
e(p) = €(p:) = —1 and e(q;) = 1 for all i. Prove that 


F(m) = ptt Gst1), 


Hint: show that F(p*4t+!) = p**!, and use (a)-(c). 


By (d) and (e), we see that when e(m) = —1, F(m) is computed by the for- 
mulas given in Lemma 13.26. Thus Lemma 13.26 is an immediate corollary 
of this exercise and the previous one. 


13.17. Let p be a prime dividing J(d,,d2)*. In Corollary 13.25, we showed that 
p <d,d,/4. In some cases, this estimate can be improved. 


(a) If djd, = 1 mod 8, then prove that p < d,d/8. Hint: p | (did 2 — x") /4. 
When p = 2, note that djd. = 1 mod 8 implies d,d2 > 33. 


(b) If d; =d2 =5 mod 8, then prove that p < d,d2/16. Hint: when p is odd, 
we have p | (d;d2 — x*)/8. To rule out the case 2p = (d,d2 — x*)/4, use 
Exercise 13.15 and Lemma 13.26. When p = 2, see (a). 


13.18. Use Theorem 13.24 to compute the constant terms of H_s6(X) and H_7(X), 


and compare your results with (13.1) and (13.20). Hint: use Lemma 13.26 to 
compute F(m). 


CHAPTER FOUR 


ADDITIONAL TOPICS 


§14. ELLIPTIC CURVES 


In the first three chapters of the book, we solved our basic question concerning 
primes of the form x? + ny. But the classical version of complex multiplication 
presented in Chapter Three does not do justice to more recent developments. In this 
final chapter of the book, we will discuss two additional topics, elliptic curves and 
Shimura reciprocity. 

In the modern study of complex multiplication, elliptic functions are replaced 
with elliptic curves. In §14, we will give some of the basic definitions and theorems 
concerning elliptic curves, and we will discuss complex multiplication and elliptic 
curves over finite fields. Then, to illustrate the power of what we’ve done, we will 
examine two primality tests from the late 1980s that involve elliptic curves, one of 
which makes use of the class equation. 

In §15, we turn our attention to a quite different topic, Shimura reciprocity. This 
concerns the deep interaction between Galois theory and special values of modu- 
lar functions. We saw hints of this in §12 when we gave Weber’s computation of 
i(/—14). Using papers of Alice Gee and Peter Stevenhagen [A10, All, A23] and 
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Bumkyo Cho [A6] as a guide, we will revisit parts of §12 from this point of view and 
give an interesting twist on the question of p = x* +ny’. 
The two sections of this chapter can be read independently of each other. 


A. Elliptic Curves and Weierstrass Equations 


Our treatment of elliptic curves will not be self-contained, for our purpose is to entice 
the reader into learning more about this lovely subject. Excellent introductions to 
elliptic curves are available, notably the books by Husemoller [58], Knapp [A14], 
Koblitz [67], Silverman [93] and Silverman and Tate [A22}, and more advanced 
topics are discussed in the books by Lang [73], Shimura [90] and Silverman [A21]. 

Given a field K of characteristic different from 2 or 3, an elliptic curve E over K 
is an equation of the form 


(14.1) y = 4 — gox— 93, 


where 
g2,83€K and A=g3—27g340. 


For reasons that will soon become clear, this equation is called the Weierstrass equa- 
tion of E. When K has characteristic 2 or 3, a more complicated defining equation is 
needed (see Silverman [93, Appendix A]). 

Given an elliptic curve E over K, we define E(K) to be the set of solutions 


E(K) = {(x,y) © K x K: y* = 4x? — gox— g3} U {oo}. 


The symbol oo appears because in algebraic geometry, it is best to work with homo- 
geneous equations in projective space. Equation (14.1) defines a curve in the affine 
space K*, but in the projective space P?(K) there is an extra “point at infinity” (see 
Exercise 14.1 for the details). Given a field extension K C L, we can also define 
E(K) Cc E(L) in an obvious way. 

Over the complex numbers C, the Weierstrass ¢-function gives us elliptic curves 
as follows. Let L C C be a lattice, and let o(z) = g(z;L) be the corresponding g- 
function. Then we have the differential equation 


@' (z)? = 4e(z)> — g2(L)@(z) — 93(L) 


of Theorem 10.1, which gives us the elliptic curve E defined by 


y? = 4x° — go(L)x— g3(L). 


If z ¢ L, then o(z) and g’(z) are defined, and the differential equation shows that 
{so(z), 9’(z)) is in E(C). Since go(z) and g’(z) are also periodic for L, we get a well- 
defined mapping 

(C-—L)/L — E(C) — {oo}. 


It is easy to show that this map is a bijection (see Exercise 14.2), and consequently 
we get a bijection 


(14.2) C/L~ E(C) 
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by sending 0 € C to 00 € E(C). Both C/L and E(C) have natural structures as 
Riemann surfaces, and it can be shown that the above map is biholomorphic. 

The unexpected fact is that every elliptic curve over C arises from a unique Weier- 
strass y-function. More precisely, we have the following result: 


Proposition 14.3. Let E be an elliptic curve over C given by the Weierstrass equa- 
tion 
y =4x—gox—gs, 82,83 EC, 93 — 2783 £0. 


Then there is a unique lattice L C C such that 


82 = 82(L) 
83 = g3(L). 


Proof. The existence of L was proved in Corollary 11.7, and the uniqueness follows 
from the proof of Theorem 10.9 (see Exercise 14.3). Q.E.D. 


Proposition 14.3 is often called the uniformization theorem for elliptic curves. 
Note that it is a consequence of the properties of the j-function. 

The mention of the j-function prompts our next definition: if an elliptic curve E 
over a field K is defined by the Weierstrass equation (14.1), then the j-invariant j(E) 
is defined to be the number 


83 33 
(E) = 172882 = 17282 eK. 
i) 83 — 273 A < 


Note that j(Z) is well-defined since A # 0, and the factor of 1728 doesn’t cause 
trouble since K has characteristic different from 2 and 3 (the definition of the j- 
invariant is more complicated in the latter case—see Silverman [93, Appendix AJ). 
Over the complex numbers, notice that 


whenever E is the elliptic curve determined by the lattice L Cc C. 
To define isomorphisms of elliptic curves, let E and E’ be elliptic curves over 

K, defined by Weierstrass equations y? = 4x° — gox — g3 and y* = 4x — gx — g4 
respectively. Then E and E’ are isomorphic over K if there is a nonzero c € K such 
that 

82 = cg 

&3= c°g3. 
In this case, note that the map sending (x, y) to (c?x,c*y) induces a bijection 


E(K) ~ E'(K). 


It is trivial to check that isomorphic elliptic curves have the same j-invariant. 
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Over the complex numbers, isomorphisms of elliptic curves are related to lattices 
and j-invariants as follows: 


Proposition 14.4. Let E and E' be elliptic curves corresponding to lattices L and L’ 
respectively. Then the following statements are equivalent: 


(i) E and E' are isomorphic over C. 
(ii) L and L’ are homothetic. 
(iii) j(E) = j(E’). 
Proof. This follows easily from Theorem 10.9. We leave the details to the reader 
(see Exercise 14.4). Q.E.D. 


What is more interesting is that part of this proposition generalizes to any alge- 
braically closed field: 


Proposition 14.5. Let E and E' be elliptic curves over a field K of characteristic 
different from 2 or 3. 


(i) E and E' have the same j-invariant if and only if they are isomorphic over a 
finite extension of K. 


(ii) If K is algebraically closed, then E and E' have the same j-invariant if and 
only if they are isomorphic over K. 


Proof. The proof is basically a transcription of the algebraic part of the proof of 
Theorem 10.9—see Exercise 14.4. Q.E.D. 


Over nonalgebraically closed fields, nonisomorphic elliptic curves may have the 
same j-invariant (see Exercise 14.4 for an example over Q). Later, we will discuss 
the isomorphism classes of elliptic curves over a finite field. 

Finally, we need to discuss the group structure on an elliptic curve. The basic idea 
is to translate the addition law for the Weierstrass g-function into algebraic terms. 
To see how this works, let E be an elliptic curve over K, and let P; and P, be two 
points in E(K). Our goal is to define P; + P, € E(K). If P; = 00, we define 


P+Ph=w0+h =P, 


and the case P, = oo is treated similarly. Thus oo will be the identity element of 
E(K). For the remaining cases, we may write P,; = (x1,y,) and P) = (x2, y2). If 
x, # x2, then we define 

P, + P, = (x3,y3), 


where x3 and y3 are given by 


(14.6) 
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These formulas come from the addition laws for (z+ w) and g’(z+w) (see Theo- 
rem 10.1 and Exercise 14.5). 

We still need to consider what happens when x; = x2. In this case, the Weierstrass 
equation implies that yj; = +y2, so that there are two cases to consider. When y; = 
—y2, we define 

P,+P,;= 00. 


This formula tells us that the inverse of (x,y) € E(K) is (x, —y). Finally, suppose that 
P, = P2, where y; = y2 # 0. Here, we define 


P, + Py = 2P; = (x3,y3), 


where x3 and y3 are given by 


1 (12x? — 
x3 = —2x,+ 16 ( i =) 
(14.7) Me 
Sy 5) 12x ~ 82 
y3 = yi — (3-11 >, : 


These formulas come from the duplication laws for ¢(2z) and go’(2z) (see (10.13) 
and Exercise 14.5). The major fact is that we get a group: 


Theorem 14.8. /f E is an elliptic curve over a field K, then E(K) is a group (with 
oo as identity) under the binary operation defined above. 


Proof. See Husem6ller [58], Koblitz [67] or Silverman [93] for a proof. These refer- 
ences also explain a lovely geometric interpretation of the above formulas. Q.E.D. 


If E is an elliptic curve over K and K C Lis a field extension, then it is easy to 
show that E(K) is a subgroup of E(L). 

Over the complex numbers, we saw in (14.2) that there is a bijection C/L ~ 
E(C). Notice that both of these objects are groups: C/L has a natural group structure 
induced by addition of complex numbers, and E(C) has the group structure defined 
in Theorem 14.8. It is immediate that the map C/L ~ E(C) is a group isomorphism. 


B. Complex Multiplication and Elliptic Curves 


The next topic to discuss is the complex multiplication of elliptic curves. The idea is 
to take the theory developed in §§10 and 11 and translate lattices into elliptic curves. 
The crucial step is to get an algebraic description of complex multiplication, which 
can then be used over arbitrary fields. 

Let’s start by describing the endomorphism ring of an elliptic curve E over C. 
Namely, if E corresponds to the lattice L, we define 


Endc(E) = {a€C:aLclL}. 


This is clearly a subring of C, and note that Z C Endc(E). Then we say that E has 
complex multiplication if Z A Endc(E). From Theorem 10.14, it follows that E has 


288 §14. ELLIPTIC CURVES 


complex multiplication if and only if L does, and in this case, Endc(E) is an order 
O in an imaginary quadratic field. 

For a € O, the inclusion aL C L gives us a group homomorphism a: C/L— C/L. 
Combined with (14.2), we see that a € Endc(E) induces a group homomorphism 


a:E(C) 3 E(C). 


In terms of the x and y coordinates of a point in E(C), this map can be described as 
follows: 


Proposition 14.9. Given a #0 € Endc(E), there is a rational function R(x) € C(x) 
such that for (x,y) € E(C), we have 


a(x) = (RG), =R (0), 
where R'(x) = (d/dx)R(x). 


Proof. Given aL Cc L, we saw in Theorem 10.14 that there is a rational function 
R(x) such that (az) = R(p(z)). Differentiating with respect to z gives g'(az)a = 
R'(p(z))'(z), and thus p'(az) = (1/a)R'(g(z))p’(z). Since a : E(C) > E(C) 
comes from a: C/L - C/L via the map z++ (¢(z), 9’ (z)), the proposition follows 
immediately. Q.E.D. 


Because of the algebraic nature of a € Endc(E), we write a: E — E instead of 
a: E(C) > E(C). When a # 0, we say that a is an isogeny from E to itself. The 
most important invariant of an isogeny is its degree deg(a), which is defined to the 
the order of its kernel. More precisely, if E correponds to the lattice L, then it is easy 
to see that the kernel of a : E(C) — E(C) is isomorphic to L/aL (see Exercise 14.6). 
Thus, by Theorem 10.14, it follows that 


deg(a) = |L/aL| = N(a), 
where N(q) is the norm of a € O = Endc(E£). 
For an example of complex multiplication, consider the elliptic curve E defined 
by the Weierstrass equation 


y* = 4° — 30x — 28. 


We claim that Endc(E) = Z[./—2], and that for (x,y) € E(C), complex multiplica- 
tion by /—2 is an isogeny of degree 2 given by the formula 


z. 
(14.10) TGs) = (32 ss Beet ). 


It turns out that the major work of this claim was proved in §10 when we considered 
the lattice L = [1, /—2]. Namely, in the discussion surrounding (10.21) and (10.22), 
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we showed that for some 4, 


5-27 
g(t) = 
7-27 
g3(AL) = > 
If we set \’ = ,/3/2,, then it follows that 
g2(A'L) = 30 
83 (VL) = 28, 


which implies that E has complex multiplication by /—2. Furthermore, the formula 
for e(V/—2z) given in (10.21) and (10.22) easily combines with Proposition 14.9 to 
prove (14.10) (see Exercise 14.7). 

For an elliptic curve E over an arbitrary field K (as always, of characteristic # 
2,3), we can’t use lattices to define complex multiplication. But as indicated by 
Proposition 14.9, there is a purely algebraic definition of the endomorphism ring 
Endx (£) that depends only on the defining equation of E (see Silverman [93, Chapter 
IiI]). Because of the group structure of E, Endx(E) always contains Z, and if K has 
characteristic zero, we say that E has complex multiplication if Endg(E) 4 Z, where 
K is the algebraic closure of K (thus the complex multiplications may only be defined 
over finite extensions of K). When K is a finite field, we will see that Endx(E) is 
always bigger than Z. For this reason, the term “complex multiplication” is rarely 
used when K has positive characteristic. 

When K c C, we can describe the endomorphism ring Endx(E) as follows. Let 
a € Endc(£), and use Proposition 14.9 to write a(x,y) = (R(x), (1/a)R’(x)y) for 
(x,y) € E(C). Then 


a € Endg(E) <> R(x), ~R'(x) € K(x). 


Another interesting case is when K = F, is a finite field. Here, the map sending 
(x,y) to (x4, y?) clearly defines a group homomorphism E(L) > E(L) for any field 
L containing K (see Exercise 14.8). This gives an element Frob, € Endx(E), which 
is called the Frobenius endomorphism of E. It will play an important role later on. 
Notice that this map is not of the form (R(x), (1/a)R’(x)y). 

In this more abstract setting, one can still define the degree of a nonzero isogeny 
a € Endx(E). When K C C, the degree of a is the order of ker(a : E(C) — E(C)), 
while over a finite field, the degree is more subtle to define. For example, the Frobe- 
nius isogeny Frob, always has degree q even though Frob, : E(L) > E(L) is injective 
for any field K C L. See Silverman [93, §III.4] for a precise definition of the degree 
of an isogeny. 

Besides isogenies from E to itself (which are recorded by Endx (F)), one can also 
define the notion of an isogeny a between different elliptic curves E and E’ over the 
same field K. For simplicity, we will confine our remarks to the case K = C. In this 
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situation, E and E’ correspond to lattices L and L’. If a # 0 is a complex number 
such that aL C L’, then multiplication by a induces a map 


a:E(C) + E'(C) 


with kernel L’/aL, and we say that a is an isogeny from E to E'. As in Proposi- 
tion 14.9, one can show that a is essentially algebraic in nature (see Exercise 14.9), 
so that we can write @ as a: E —> E’ and we say that a is an isogeny from E to E’. 

The notion of isogeny has a close relation to the modular equation. We define an 
isogeny a: E — E’ to be cyclic if its kernel L’/aL is cyclic. Then we have: 


Proposition 14.11. Let E and E’ be elliptic curves over C. Then there is a cyclic 
isogeny a from E to E' of degree m if and only if ®,(j(E), j(E’)) = 0. 


Proof. This follows easily from the analysis of ®,,(u, v) = 0 given in Theorem 11.23 
(see Exercise 14.10). Q.E.D. 


For a more complete treatment of these topics, see Lang [73, Chapters 2 and 5] 
and Silverman [93, Chapter II]. 


C. Elliptic Curves over Finite Fields 


So far, we’ve translated concepts about lattices into concepts about elliptic curves. 
If this were all that happened, there would be no special reason to study elliptic 
curves. The important point is that the algebraic formulation allows us to state some 
fundamentally new results, the most interesting of which involve elliptic curves over 
a finite field F,. As usual, we will assume that F, has characteristic greater than 3, 
ie.,g=p*, p>3. 

When E is an elliptic curve over F,, the group of solutions E(F,) is a finite 
Abelian group, and it is easy to see that its order |E(IF,)| is at most 2q¢+ 1 (see 
Exercise 14.11). In 1934, Hasse proved the following stronger bound conjectured by 
Artin: 


Theorem 14.12. If E is an elliptic curve over F,, then 


qt+1—2/@< |E(F,)| <¢+14+2V4. 
Proof. We will discuss some of the ideas used in the proof. The key ingredient is the 
isogeny Frob, € Endg, (E) defined by Frob,(x,y) = (x7, y?). 
We can form the isogeny | — Frob,, and it follows easily that if F, is the algebraic 
closure of F,, then 


E(F,) = ker(1 — Frob, : E(F,) > E(Fq)) 


(see Exercise 14.12). The next step is to show that 1 — Frob, is a separable isogeny, 
which implies that 


(14.13) |E(F,)| = deg(1 — Frob,). 
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From here, the proof is a straightforward consequence of the basic properties of 
isogenies (see Silverman [93, Chapter V, Theorem 1.1}). Q.E.D. 


In 1946, Weil proved a similar result for algebraic curves over finite fields, and 
in 1974, Deligne proved a vast generalization (conjectured by Weil) to higher-di- 
mensional algebraic varieties. For further discussion and references, see Ireland and 
Rosen [59, Chapter 11] and Silverman [93, §V.2]. 

Elliptic curves over finite fields come in two types, ordinary and supersingular, 
as determined by their endomorphism rings: 


Theorem 14.14. If E is an elliptic curve over Fy, then the endomorphism ring 
Endy, (E) is either an order in an imaginary quadratic field or an order in a quater- 
nion algebra. 


Remarks. 
(i) We say that E is ordinary in the former case and supersingular in the latter. 


(ii) Notice that for elliptic curves over a finite field K, Endg(E) is always larger 
than Z. 


Proof. See Silverman [93, Chapter V, Theorem 3.1]. Q.E.D. 


There are many known criteria for E to be supersingular (see Husemodller (58, p. 
258] for an exhaustive list). Over a prime field F,, there is a special criterion which 
will be useful later on: 


Proposition 14.15. Let E be an elliptic curve over Fy. If p > 3, then E is supersin- 
gular if and only if 
E(F,)| =p +1. 


Proof. See Silverman [93, Chapter V, Exercise 5.10]. Q.E.D. 


It is interesting to note that |E(F,,)| = p+ 1 is exactly in the center of the range 
p+1—2,/p<|E(F,)| < p+1+2,/p allowed by Hasse’s theorem. 

From the point of view of endomorphisms, ordinary elliptic curves over finite 
fields behave like elliptic curves over C with complex multiplication, since in each 
case, the endomorphism ring is an order in an imaginary quadratic field. This sug- 
gests a deeper relation between these two classes, which leads to our next topic, 
reduction of elliptic curves. 

The basic idea of reduction is the following. Let K be a number field, and let E 
be an elliptic curve defined by 


y’ = 4x° — gox—g3, 82,83 EK. 


If p is prime in Ox, we want to “reduce” E modulo p. This can’t be done in general, 
but suppose that g2 and g3 can be written in the form a/f, where a, € Ox and 
2 ¢p. Then we can define [g2] and [g3] in Ox/p. If, in addition, we have 


A = [g2|° —27[g3]? 40 € Ox/p, 
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then 
y? = 4x° — [go]x — [g3] 


is an elliptic curve E over the finite field Ox /p. In this case we call E the reduction 
of E modulo p, and we say that E has good reduction modulo p. 

When E has complex multiplication and good reduction, Deuring, drawing on 
examples of Gauss, discovered an astonishing relation between the complex multi- 
plication of E and the number of points in E(Ox/p). Rather than state his result in 
its full generality, we will present a version that concerns only elliptic curves over 
the prime field F,,. 

To set up the situation, let O be an order in an imaginary quadratic field K, and 
let L be the ring class field of O. Let p be a prime in Z which splits completely in L, 
and we will fix a prime of L lying above p, so that O,/%8 ~ F,. Finally, let E be 
an elliptic curve over L which has good reduction at $8. With these hypotheses, the 
reduction E is an elliptic curve over F,,. Then we have the following theorem: 


Theorem 14.16. Let O, L, p and be as above, and let E be an elliptic curve over 
L with Endc(E) = O. If E has good reduction modulo %B, then there is 7 € O such 
that p = 77 and 

|E(F,)| =p+1—(x+7). 


Furthermore, Endg, (E) = O, and every elliptic curve over F,, with endomorphism 
ring (over F,) equal to O arises in this way. 


Proof. The basic idea is that when the above hypotheses are fulfilled, reduction in- 
duces an isomorphism 


Endc(E) —> EndF, (E) 
that preserves degrees. The proof of this fact is well beyond the scope of this book 
(see Lang [73, Chapter 13, Theorem 12}). 


From the above isomorphism, it follows that there is some prime 7 € Endc(E) 
which reduces to Froby € Endy (E). Since Frob, has degree p, so does 7. Over the 


complex numbers, we know that the degree of x € O = Endc(E) is just its norm, so 
that N(a) = p. Thus we can write p = 17 in O. = 
It is now trivial to compute the number of points on E. As we noted in (14.13), 


|E(F,)| = deg(1 — Frob,). 
Since the reduction map preserves degrees, it follows that 


deg(1 — Frob,) = deg(1— 7) =N(1—7) = (1—7)(1—7) 
=pt+1-—(x+7) 
since p = 77. This proves the desired formula for |E(F,)|. 


See Rubin and Silverberg [A18, Lemma 8.1] for a proof of the final part of the 
theorem. Q.E.D. 
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The remarkable fact is that we’ve already seen two examples of this theorem. 
First, in (4.24), we stated the following result of Gauss: if p = 1 mod 3 is prime, 
then 


If 4p =a? +. 27b* and a = 1 mod 3, then N = p+a-—2, where 


(14.17) . ; 4 
N is the number of solutions modulo p of x° — y> = 1 mod p. 


We can relate this to Deuring’s theorem as follows. The coordinate change (x,y) > 
(3x/(1+y),9(1 —y)/(1 +,y)) transforms the curve x? = y? + 1 into the elliptic curve 
E defined by y* = 4x° — 27 (see Exercise 14.13). Gauss didn’t count the three points 
at infinity that lie on x° = y? + 1, and when these are taken into account, then (14.17) 
asserts that |E(F,)| = p+1+a. Since p =1 mod 3, we can write p = 17 in 
Z|w], w = e?"/3, In §4, we saw that 7 may be chosen to be primary, which means 
a = +1 mod 3. Thus we may assume a = 1 mod 3, so that 7 = A+ 3Bw, where 
A= 1 mod p. Then an easy calculation shows that 


Ap = (—(2A —3B))? + 27B?. 


Since 2A — 3B = 1 +7 and —(2A — 3B) = 1 mod 3, it follows that (14.17) may be 
stated as follows: 


If p = 17 in Z[w] and x = 1 mod 3, then |E(F,)| = p+1—(a+7). 


Since E is the reduction of y? = 4x? — 27, which has complex multiplication by Z[w] 
(see Exercise 4.13), Gauss’ observation (14.17) really is a special case of Deuring’s 
theorem. 

Similarly, one can check that Gauss’ last diary entry, which concerned the number 
of solutions of x” + y? +x”y? = 1 mod p, is also a special case of Deuring’s theorem. 
See the discussion following (4.24) and Exercise 14.14. 

As an application of Deuring’s theorem, we can give a formula for the number 
of elliptic curves over F, which have a preassigned number of points. We first need 
some notation. Given an order © in an imaginary quadratic field K, we define the 
Hurwitz class number H(O) to be the weighted sum of class numbers 


2 
HO)= > jor) 
OCO'COx 


We also write H(O) as H(D), where D is the discriminant of O. Then we have the 
following theorem of Deuring: 


Theorem 14.18. Let p > 3 be prime, and let N = p+1-—a be an integer, where 
—2,/p <a <2,/p. Then the number of elliptic curves E over F, which have 
E(F,)| = p+1—ais 


PtH —A4p). 


Proof. Let 7 be a root of x —axt+ p. Since —2,/p <a<72,/p, the quadratic for- 
mula shows that O, = Z[r] is an order in an imaginary quadratic field K. One can 
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also check that p doesn’t divide the conductor of O, (in fact, it doesn’t divide the 
discriminant), and hence the same is true for any order O’ containing O, (see Exer- 
cise 14.15). 

We will start with the case a 4 0, which by Proposition 14.15 means that all of the 
elliptic curves involved are ordinary. Given an order ©’ containing ©, and a proper 
O’'-ideal a, we will produce a collection of elliptic curves E, with good reduction 
modulo p. Namely, let L’ be the ring class field of O’. Since p = 17 in Og C O’, it 
follows from Theorem 9.4 that p splits completely in L’. Thus, if $8 is any prime of 
L’ containing p, then O, /8 ~ F/. 

First, assume that O’ # Z(i) or Z[w], w = e?"/3, so that j(a) 40,1728. If we let 


_ __27j(a) 
~ j(a) — 1728’ 


then we define the collection of elliptic curves EF, over L’ by the Weierstrass equations 
y = 43 — ke? x— ke’, 


where c € Oy, — $B is arbitrary. A computation shows that j(E.) = j(a). We can 
reduce k modulo L provided that j(a) — 1728 ¢ 8. Since 1728 = j(i), Theorem 13.21 
implies that 


j(a) = 1728 mod 8 ==> p does not split in K or Q(i) 


(when K = Q(i), note that the conductor condition of Theorem 13.21 is satisfied). 
However, p splits in K, and thus j(a) — 1728 ¢ ,, as desired. 
Then one computes that in O,/3B x F,, 


A = [ke — 271k = 17285] 2Filay’ |. 


(j(a) — 1728)3 
By the argument used to prove j(a) — 1728 ¢ $8, Theorem 13.21 and j(w) =0 show 
that j(a) ¢ $B. It follows that E, has good reduction modulo ¥ since c ¢ P. 

If O' = Z{i] or Z[w], then L’ = K. Here, we will use the collection of elliptic 
curves E,, defined by 


y=4-cx, c¢é7Z{i] 
y=4r-c, c¢ Zu. 


One easily checks that these curves have good reduction modulo 7 and ©’ as their 
endomorphism ring. 

Theorem 14.16 assures us that every ordinary elliptic curve E over F,, arises from 
reduction of some elliptic curve with complex multiplication. Given this, it follows 
without difficulty that E is in fact the reduction of one of the E,.’s constructed above 
(see Exercise 14.16). 

Given ©’, there are h(O’) distinct j-invariants j(a), and hence for a fixed a, we 


have 
ye) 


O,cCO’ 
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distinct collections of elliptic curves E,. Furthermore, another application of The- 
orem 13.21 shows that different collections reduce to elliptic curves with different 
j-invariants. Since each collection E, gives us p — 1 curves over F,,, we get 


(p-1) $5 n(O’) 


O.co’ 


elliptic curves over F,. But which of these have p +1 —a points on them? The 
problem is that Theorem 14.16 implies that |E,(F,)| is determined by some element 
of O’ of norm p, but it need not be 7! All curves in a given collection have the 
same j-invariant, but they need not be isomorphic over F,, and hence they may have 
different numbers of points. In fact, this is always the case: 


Proposition 14.19. Let E and E’ be elliptic curves over F ,. If E is ordinary, then E 
and E' are isomorphic over F,, if and only if j(E) = j(E') and |E(F,)| = |E’(F,)|. 


Proof. One direction of the proof is obvious, but the other requires some more ad- 
vanced concepts. We will give the details since this result doesn’t appear in stan- 
dard references. The key ingredient is a theorem of Tate, which asserts that curves 
with the same number of points over a finite field K are isogenous over K (see 
Husemiller [58, §13.8]). Applying this to |E(F,)| = |E’(F,)|, we get an isogeny 
: E > E’ defined over F,. Since E and E’ have the same j-invariant, we can 
also find an isomorphism ¢ : E’ > E defined over some extension F,« (see Propo- 
sition 14.5). Thus go € Ends AE), which is commutative since E is ordinary. 
Thus Frob, 0 (go X) = (PoA)o Frob,, so that po A is defined over F,. Then, given 
ae Gal(F,/F,), we have 


$° oN= $7 OX” = (Gor)? = G0), 


where the last equality holds since ¢o is defined over F,. Since isogenies are 
surjective over F,, it follows easily that $” = ¢. This is true for all o € Gal(F,/F,), 
which implies that the isomorphism ¢ : E’ > E is defined over F,. Q.E.D. 


We claim that the collection E, contains (p — 1)/|O’*| curves with p+1—a 
points. This will immediately imply our desired formula. Let’s first consider the 
case when E, corresponds to a j-invariant j(a) #0 or 1728. Here, the only solutions 
of N(a) = p in O' are a = +7 and +7 (see Exercise 14.17). Thus, for each c, 
Deuring’s theorem tells us that 


|E-(Fp)| = pt +a. 


The curves E, fall into two isomorphism classes, each consisting of (p — 1) /2 curves, 
corresponding to whether [c] € (F3)* or not (see Exercise 14.18). By the above 
proposition, nonisomorphic curves have a different number of elements, and hence 
we see that ae half of the E,’s have p+ 1 — a elements. Since O"* = {+1}, we 
get (p — 1)/2 = (p—1)/|O”*| curves with p + 1 — a points. 

When j(a) = 1728, things are more complicated. Here, O’ = Z[i], and p = 77 
implies that p = 1 mod 4. The only solutions of N(a@) = p are a = +7,+7,, tin, and 
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+i (see Exercise 14.17), and thus there are at most four possibilities for |E.(F,)|. 
But there are four isomorphism classes of curves with j = 1728 in this case, each 
consisting of (p — 1)/4 curves (see Exercise 14.18). It follows that there are exactly 
(p — 1)/|O”| curves with p+ 1—a points. The case j = 0 is similar and is left to 
the reader. 

It remains to study the case a = 0, which concerns the number of supersingular 
curves over F,,. Since Theorem 14.16 doesn’t apply to this case, we will take a more 
indirect approach. Given any a in the range 2,/p < a < 2,/p, we just proved that 
when a # 0, there are ((p — 1)/2)H(a* — 4p) elliptic curves over F, with p+1—a 
points. Let SS denote the number of supersingular curves. Since there are p(p — 1) 
elliptic curves over F,, (see Exercise 14.19), it follows that 


(14.20) p(p-1)=s5 + >> P+ H (a —4p). 
0<|a|<2./p 


However, we claim that there is a class number formula 
(14.21) 2p = S- H(a’-4p). 
0<|al<2V/p 


Since (14.20) and (14.21) imply that SS = ((p — 1)/2)H(—4p), we need only prove 
the formula (14.21). 
To prove this, note that H(a? — 4p) = H(,), so that by definition, the right-hand 


side of (14.21) equals 
2 
eR oy: 
0<|al<2yV/p Orc 0’ 


If we define the function x(a) by 


aye 1 ifO, c O' 
X=) 9 otherwise, 


then the above sum can be written as 
2 
Mise YE x@) JA’. 
|O”*| 
oO 0<|a|<2yp 


It is easy to prove that the quantity in parentheses is r(O’, p), which we defined in 
§13 to be |{2 € O' : N() = p} /O”| (see Exercise 14.20). Thus the right-hand side 
of (14.21) becomes 


So r(O',p)h(O’). 

oO 
In Corollary 13.9 we proved that the above sum equals 2p, and (14.21) is proved. 
This completes the proof of Theorem 14.18. Q.E.D. 


Recall that Corollary 13.9 was part of our study of the polynomial ®,(X,X). It 
is rather unexpected that the modular equation has a connection with supersingular 
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curves over F’,. This is just more evidence of the amazing richness of the study of 
elliptic curves. To pursue these topics further, the reader should consult Lang [73] 
and Shimura [90]. Also, see the monographs by Cassou—Nogués and Taylor [15] and 
by Gross [45] for an introduction to some interesting research questions concerning 
elliptic curves and complex multiplication. 

In some cases, the connection between ®,(X,X) and supersingular curves can be 
made more explicit by using the class equation and the polynomial ss,(x) € F,[x] 
whose roots are the j-invariants of supersingular curves in characteristic p—this is 
the supersingular polynomial. For simplicity, suppose that p = 1 mod 12. Then the 
class equation H_4)(x) is related to ss,(x) via the congruence 


H_ap(x) = (gced(x-ssp(x), (x — 1728)0-D/2 4 1))” mod p. 


See Brillhart and Morton [A4, Proposition 11], which also gives congruences for 
other values of p mod 12. These congruences are related to Elkies’ 1987 proof that 
every elliptic curve over Q has supersingular reduction at infinitely many primes. 


D. Elliptic Curve Primality Tests 


In the latter part of the twentieth century, some surprising applications of elliptic 
curves to problems involving factoring and primality were discovered. In 1985, 
Lenstra announced an elliptic curve factoring method [76], and a year later, Gold- 
wasser and Kilian adapted Lenstra’s method to obtain an elliptic curve primality test 
[43]. Both methods use the properties of elliptic curves over finite fields. We will 
concentrate on the Goldwasser—Kilian Test and its variation, the Goldwasser—Kilian— 
Atkin Test. This last test is especially interesting, for it uses the class equations from 
§13. Thus, the polynomial H_4,(X), which appears in our criterion for when p is 
of the form x” + ny’, can actually be used to prove that p is prime! Our treatment 
of these tests will not be complete, and for further details, we refer the reader to the 
articles by Goldwasser and Kilian [43], Lenstra [76] and Morain [79]. See also the 
1993 article [A1] by Atkin and Morain for a definitive presentation. 

Given a potential prime /, the goal of these tests is to prove the primality of J by 
considering elliptic curves over the field Z/1Z. Since we don’t know that / is prime, 
we must treat Z/IZ as a ring, and thus we need a theory of elliptic curves over rings. 
Fortunately, the basic ideas carry over quite easily. Let R be any commutative ring 
with identity where 2 and 3 are units. Then an elliptic curve E over R is a Weierstrass 
equation of the usual form 


y=4-g.x-g3, 82,83 ER, 


where we now require that 
(14.22) A = gi ~—2722 € R*. 


Note that since A is a unit in R, the j-invariant 


3 
Pig linet 
J(E) = 17287 ER 
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is defined. 
Given an elliptic curve E over R, we set 


Eo(R) = {(x,y) ERX Ri y? = 4x? — gox — gs} U {oo}. 


The reason for the new notation is that Eo(R) may fail to be a group! To see this, 
consider P; = (x), y2) and P) = (x2,y2) in Eo(R). If x; 4 x2, then we would like to 
define 


P; + Py = (x3,y3), 


where x3 and y3 are given by the formulas (14.6). The problem comes from the 
denominator x; — x2: it is nonzero in R, but it need not be invertible! For this reason, 
the binary operation is only partially defined on Eo(R). Using tools from algebraic 
geometry, one can define a superset E(R) of Eo(R) which is a group, but we prefer 
to use Eo(R) because it is easier to work with in practice. 

If E is an elliptic curve over Z/IZ, the potentially incomplete group structure on 
Eo(Z/IZ) is not a problem. Namely, if we ever found P, and P) in Eo(Z/1Z) such that 
P, + P, wasn’t defined, then it would follow automatically that / must be composite, 
and the noninvertible denominator would give us a factor of J (just compute the 
appropriate gcd). This observation is the driving force of Lenstra’s elliptic curve 
factoring algorithm (see [76]). 

Before discussing the Goldwasser—Kilian Test, let’s review some basic ideas con- 
cerning primality testing. We regard / as an input of length [log),/], where | | 
is the greatest integer function. The length is thus bounded by a constant times 
log! = log, 1, which we express by writing [log,,/] = O(log/). The most interesting 
question concerning a primality test is its running time: given an input /, how long, as 
a function of log/, does it take a given algorithm to prove that / is (or is not) prime? 
The simplest algorithm (divide by all numbers < V//) requires 


Al = ef! /2)log! 


divisions, and hence runs in exponential time. What we really want is an algorithm 
that runs in polynomial time, i.e., where the running time is O((log/)*) for some 
fixed d. A polynomial time algorithm was discovered in 2002 by Agrawal, Kayal 
and Saxena, and a modified version of their algorithm due to Lenstra and Pomerance 
[A16] has a running time of O((log/)°(loglog/)*) for some computable constant c. 

Another sort of algorithm commonly used is what is called a probabilistic primal- 
ity test. Such a test has two outputs, “prime” and “composite or unluckily prime.” 
In the former case, the algorithm proves the primeness of /, while in the latter case, 
it says either that / is composite or that / is prime and we were unlucky. A nice 
discussion of probabilistic primality tests may be found in Wagon’s article [99]. For 
our purposes, we will explain this concept by considering the following very special 
probabilistic primality test. 

Let / be our potential prime, relatively prime to 6, and suppose that we have an 
elliptic curve E over Z/1Z over with the following two properties: 
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(i) 1+1—2V1 < |Eo(Z/IZ)| <1+142Vvi. 
(ii) |Eo(Z/1Z)| = 2g, where q is an odd prime. 
In certain situations, this setup can be used to prove primality: 


Lemma 14.23. Let I and E be as above, and assume | > 33. Let P # 00 be in 
Eo(Z/IZ). If gP is defined and equal to 00 in Eo(Z/IZ), then | is prime. 


Proof, Assume that / is not prime, and let p < V/ be a prime divisor of /. Using the 
natural map Z//IZ + Z/pZ = F,, we can reduce the equation of E modulo p, and 
by (14.22), we get an elliptic curve E over F,. Furthermore, we get a natural map 


E(Z/IZ) + E(F,) 


which takes P = (x,y) # 00 in Eo(Z/IZ) to P = (%,¥) # 00 in E(Fp). Since this 
map is also clearly a homomorphism (wherever defined), it follows that gP = oo in 
E(F,,). But q is prime, so that P is a point of order g, and hence 


q<\E(F,)| <p+1+2yp, 


where the second inequality comes from Hasse’s theorem (Theorem 14.12). Since 
p < V1, this implies that 


g< Vi4142Vi = (W141). 
However, by assumption, we have 
2q = |Fo(Z/IZ)| > 14+ 1-2Vi = (VI-1)°. 
Combining these two inequalities, we obtain 
Vi-1< V2(71+1), 


which is easily seen to be impossible for / > 33. This contradiction proves the lemma. 
Q.E.D. 


To convert this lemma into a probabilistic primality test, we need one more obser- 
vation. Namely, if / is prime and |Eo(Z/IZ)| = 2q, g an odd prime, then Fo(Z/IZ) 
must be a cyclic group, and hence exactly q — 1 of the 2g — 1 nonidentity elements 
have order g. Thus, the probability that a randomly chosen P 4 00 doesn’t prove 
primality (i.e., has order 4 q) is q/(2q — 1) ~ 1/2, assuming that q is large. 

Now we can state the test. Given E and / be as above, pick k randomly chosen 
points P,,...,P, from Eo(Z/IZ), and then compute gP,,...,qP;. If any one of these 
is defined and equals oo, then by the above lemma, we have a proof of primality. If 
none of gP,...,qF% satisfy this condition, then either / is composite, or J is prime 
and we were unlucky. To see how unlucky, suppose that J were prime. Then our test 
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fails only if all of P\,...,P, have order 4 q. By the above paragraph, the probability 
of this happening is 
Vd 
(=< :) DRS 


So we can’t guarantee a proof of primality, but we have to be mighty unlucky not to 
find one. 

This test depended on the assumptions (i) and (ii) above. The first assumption 
is quite reasonable, since by Hasse’s theorem it holds if / is prime. So if (i) fails, 
we have a proof of compositeness. But the second assumption, that |Fo(Z//Z)| is 
twice a prime, is very special, and certainly fails for most elliptic curves. An added 
difficulty is that |Eo(Z/1Z)| is a very large number (by (i), it has the same order of 
magnitude as /). Thus, even if |Eo(Z/1Z)| = 2g were twice a prime, we’d be unlikely 
to know it, since we’d have to prove that g, a number roughly the size of //2, is also 
prime. 

To overcome these problems, Goldwasser and Kilian used two ideas. The first 
idea is quite simple: 


Choose /ots of elliptic curves E over Z/IZ at random. 


(14.24) If we get one where |Eo(Z/IZ)| = 2q, q a probable prime, 
then use the above special test to check for primality. 


Notice the word “probable.” Using known probabilistic compositeness tests (de- 
scribed in Wagon [99]), one can efficiently reduce to the case where |Eo(Z/IZ)| is of 
the form 2g, where q is probably prime. If the special test succeeds, we have proved 
that / is prime, provided that g is prime. Then the second idea is 


(14.25) Make the above process recursive. 


This means proving g is prime by applying the special test to an elliptic curve over 
Z/qZ@ of order 2q', q' a probable prime. In this way the primality of q' implies the 
primality of g. Since each iteration reduces the size by a factor of 2 (i.e., g is about 
the size of //2, q’ is about the size of q/2, etc.), it follows that in O(log/) steps the 
numbers will get small enough that primality can be verified easily. 

The algorithm contained in (14.24) and (14.25) is the heart of the Goldwasser- 
Kilian primality test (see their article [43] for a fuller discussion). The key unan- 
swered question concerns (14.24): when / is prime, how many elliptic curves do we 
have to choose before finding one where |E(Z/IZ)| is twice a prime? The following 
result of Lenstra plays a crucial role: 


Theorem 14.26. Let 1 be a prime, and let 
S = {2q:q prime, 1+1—Vi<2q<1+1+4+ vi}. 


Then there is a constant c; > 0, independent of | and S, such that the number of 
elliptic curves E over ¥; satisfying |E(F))| € S is at least 


(IS|-2) Vi - 1) 
log! ; 
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Remark. Notice that the elliptic curves described in this theorem satisfy /+1—V/1< 
|E(F))| <1+1+-V/1, which is more restrictive than the bound given by Hasse’s 
theorem. The proof below will explain the reason for this. 


Proof. Given 2q € S, write 2g = 1+1— a. Then we proved in Theorem 14.18 that 
the number of curves with 2g = 1+ 1 —a points is ((J — 1)/2)H(a* — 41), where 
H(a* — 41) is the Hurwitz class number defined earlier. Using classically known 
bounds on class numbers, Lenstra proved in [76] that for 2g € S, with at most two 
exceptions, there is the estimate 


|a* —4]| 


ae ee 
H(a*—4l)>c iol 


where c is a constant independent of the discriminant (see [76, Proposition 1.8]). We 
are assuming that |a| < V1, which implies \/Ja? — 41| > V3/, and consequently 


a ee Vi(l—1) 
= = > ——— a 
2 H(a 4!) 2C| log! ’ 
where c; = V3c/2. The theorem follows immediately. Q.E.D. 


By this theorem, we are reduced to knowing the number of primes in the interval 
[(i+1)/2— 1/2, (1+1)/2+Vi/2]. By the Prime Number Theorem, the probability 
that a number in the interval (0, N} is prime is 1/logN. It is conjectured that this holds 
for intervals of shorter length. Applied to the above, we get the following conjecture: 


Conjecture 14.27. There is a constant cp > 0 such that, for all sufficiently large 
primes I, the number of primes in the interval [(1 + 1)/2—V1/2, (1+1)/2+ v1/2] 
is at least 

v1 


2 Tog] 


If this conjecture were true, then Theorem 14.26 would imply that when / is large, 
there is a constant c3, independent of /, such that at least 
l(i-1) 
©" (ogi)? 


elliptic curves E over Z/IZ have order |E(F,)| = 2q for some prime q (see Exer- 
cise 14.21). Since there are /(/ — 1) elliptic curves over F;, it follows that there is a 
probability of at least 


(14.28) c3/(logl)? 


that |E(F;)| has the desired order. 
Now we can explain how many curves need to be chosen in (14.24). Namely, pick 
an integer k, and pick k(log/)*/c3 randomly chosen elliptic curves over Z/IZ. If 1 
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were prime, could all these curves fail to have order twice a prime? By (14.28), the 
probability of this happening is less than 


is k(log!)?/c3 7 1 
(log)? ~ ek° 


It remains to give a run time analysis of the Goldwasser—Kilian Test. For (14.24), 
we need to pick O((log/)”) curves and count the number of points on each one. 
By an algorithm of Schoof (see Morain [79, §5.5]), it takes O((log/)*) to count the 
points on each curve. Once a curve with |Eo(Z//Z)| = 2q is found, we then need 
to pick points P € Eo(Z/IZ) and compute qP. These operations are bounded by 
O((log/)*) (see Goldwasser and Kilian [43, §4.3]), and thus the run time of (14.24) 
is O((log/)!°). By (14.25), we have to iterate this O(log/) times, so that the run time 
of the whole algorithm is O((log/)!'). 

The above analysis is predicated on Conjecture 14.27, which may be very difficult 
to prove (or even false!). But now comes the final ingredient: using known results 
about the distribution of primes, Goldwasser and Kilian were able to prove that their 
algorithm terminates with a run time of O(k!') for at least 


(1—O(27F)) x 100% 


of the prime inputs of length k (see [43, Theorem 3]). Thus the Goldwasser—Kilian 
Test is almost a polynomial time probabilistic primality test! 

In practice, the implementation of the Goldwasser—Kilian Test is more compli- 
cated than the algorithm sketched above. The main difference is that the order 
|Eo(Z/IZ)| is allowed to be of the form mq, where m may be bigger than 2 but is 
still small compared to g. This means that fewer elliptic curves must be tried before 
finding a suitable one, and thus the algorithm runs faster. For the details of how this 
is done, see Goldwasser and Kilian [43, §4.4] or Morain [79, §§2.2.2 and 7.7]. 

The most “expensive” part of the Goldwasser—Kilian Test is the O((log/)®) spent 
counting the points on a given elliptic curve. So rather than starting with E and then 
computing |Eo(Z/IZ)| the hard way, why not use the theory developed earlier to 
predict the order? This is the basis of the Goldwasser—Kilian—Atkin Test, which we 
will discuss next. 

The wonderful thing about this test is that it brings us back to our topic of primes 
of the form x” + ny”. To see why, let / be a prime, and let n be a positive integer such 
that / can be written as 

l=a’+nb’, a,be Z. 
We will use this information to produce an elliptic curve over F; with 1+ 1— 2a 
points on it. The basic idea is to use the characterization of primes of the form 
x° + ny? proved in §13: 
(—n/1) = 1 and H_4,(X) =0 mod 1 


l=’+4+n~—> : ; 
cd has an integer solution, 


where H_4,(X) is the class equation for discriminant —4n (see Theorem 13.23). 
Thus / = a? + nb? gives us a solution j of the congruence H_4,(X) = 0 mod p, and 
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for simplicity, we will suppose that j 4 0,17284 mod /. Define k € F; to be the 
congruence class 
27j 
k= |——— 
j—1728 


and then consider the two elliptic curves 


y =40 —kx—-k 


14.29 
, y =43 —ekx- ck, 


where c € F; is a nonsquare. We have the following result: 


Proposition 14.30. Of the two elliptic curves over F, defined in (14.29), one has 
order 1+ 1 —2a, and the other has order 1+ 1+ 2a, where | = a* + nb’. 


Proof. Let L be the ring class field of the order O = Z[{,/—nl, and let H_4,(X) = 
TL (x — j(a;)) be the class equation. If $8 is prime in L containing /, then the 
isomorphism O,/§8 ~ Z/IZ = F; shows that our solution j of H_4,(X) = 0 mod / 
satisfies j = j(a;) mod 8 for some i. It follows that the curves (14.29) are members 
of the corresponding collection E, constructed in the proof of Theorem 14.18, and 
our proposition then follows immediately since / = 77 in O, where 7 = a+b,/—n. 

Q.E.D. 


The curves (14.29) don’t make sense when j = 0,1728 mod /, but the proof of 
Theorem 14.18 makes it clear how to proceed in these cases. 

We can now sketch the Goldwasser—Kilian—Atkin Test. Given a potential prime 
1, one searches for the smallest n with 1 of the form a” +nb*. Once we succeed, 
we check if either / + 1+ 2a is twice a probable prime gq. If not, we look for the 
next n with | = a2 +nb*. We continue this until / + 1 + 2a has the right form, and 
then we apply the special primality test embodied in Lemma 14.23, using the two 
curves given in (14.29). In this way, we can prove that / is prime, provided that q is 
prime. Then, as in the regular Goldwasser—Kilian Test, we make the whole process 
recursive. 

In practice, the implementation of the Goldwasser—Kilian—Atkin Test improves 
the run time by allowing the order / + 1 + 2a to be more complicated than just twice 
a prime. The complete description of an implementation can be found in Morain’s 
article [79]. See also Atkin and Morain [A1}. 

For our purposes, this test is wonderful because it relates so nicely to our problem 
of when a prime is of the form x* +ny*. But from a practical point of view, the 
situation is less than ideal, for the test requires knowing H_4,(X), a polynomial with 
notoriously large coefficients. So in implementing the Goldwasser—Kilian—Atkin 
Test, one of the main goals is to avoid computing the full class equation. Different 
authors have taken different approaches to this problem, but the basic idea in each 
case is to use the Weber functions f(r), fi(7) and f2(7) from §12. In [79, §6.2], 
Morain uses formulas of Weber, such as the one quoted in §12 


§(V—105)° = V2" (1 + V3)(1 + V5)3(V34+ VIP(VS+V7), 
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to determine a root of H_4,(X) modulo / when n is one of Euler’s convenient num- 
bers (as defined in §3). Another approach, suggested by Kaltofen, Valente and Yui 
[64], is to use the methods of Kaltofen and Yui [65] to compute the minimal polyno- 
mials of the Weber functions. To see the potential savings, consider the case n = 14. 
We proved in §12 that 


_ v¥24+14+V2Vv2-1 
fi(V—14)? = v2 


7 ib 16 

10=A) = (O/T) ae) 
It is clear which one has the simpler minimal polynomial! The papers by Kaltofen, 
Valente and Yui [64] and Morain [79] give more details on the various implementions 
of the Goldwasser—Kilian—Atkin Test. See also the paper [A1] by Atkin and Morain. 

Primality testing is a good place to end this section, for primes are the basis of 

all number theory. We began in §1 with concrete questions concerning p = x? + y?, 
x? +2y? and x? + 3y?, and followed the general question of x* + ny” through various 
wonderful areas of number theory. The theory of §8 was rather abstract, and even the 
ring class fields of §9 were not very intuitive. Complex multiplication helped bring 
these ideas down to earth, and now elliptic curves bring us back to the question of 
proving that a given number is prime. Fermat and Euler would have loved it. 


E. Exercises 


14.1. Let K be a field, and let P?(K) be the projective plane over K, which is the 
set K> — {0}/ ~, where we set (Ax, Ay, Az) ~ (x,y,z) for all \ € K*. 


(a) Show that the map (x,y) +> (x,y, 1) defines an injection K* -> P?(K) and 
that the complement P?(K) — K? consists of those points with z = 0 (this 
is called the line at infinity). 


(b) Given an elliptic curve E over K defined by the Weierstrass equation 
y* = 4x? — gox — g3 we form the equation 


yz = 4x? — goxz” — g32”, 
which is a homogeneous equation of degree 3. Then we define 
E(K) = {(x,y,z) € P°(K) : y°z = 42° — goxz” — g32’}. 
To relate this to E(K), show that 
E(K) = {(x,y,1) € P?(K) : y? = 4° — gox— 93} U {0, 1,0}. 


Thus the projective solutions consist of the solutions of the affine equa- 
tion together with one point at infinity, (0,1,0). This is the point denoted 
co in the text. 
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14.2. Let Lc C bea lattice, and let y? = 4x° — go(L)x — g3(L) be the corresponding 
elliptic curve. Then show that the map z+> (¢(z), 9’ (z)) induces a bijection 


(C—L)/L —> E(C) — {ov}. 


Hint: use Lemma 10.4 and part (b) of Exercise 10.14. Note also that ¢’(z) is 
an odd function. 


14.3. Prove Proposition 14.3. 
14.4. In this exercise we will study elliptic curves with the same j-invariant. 


(a) Prove Propositions 14.4 and 14.5. 


(b) Consider the elliptic curves y* = 4x3 — g3, where g3 is any nonzero inte- 
ger. These curves all have j-invariant 0, so that they are all isomorphic 
over C. Show that over Q, these curves break up into infinitely many 
isomorphism classes. 


14.5. In this exercise we will study the addition and duplication laws of ¢'(z). 


(a) Use formula (14.6) and the addition law for (z+ w) (see Theorem 10.1) 
to conjecture and prove an addition law for g’(z+ w). 

(b) Use formula (14.7) and the duplication law for 9(2z) (see (10.13)) to 
conjecture and prove a duplication law for ’(2z). 


14.6 If L and L’ are lattices and aL Cc L’, where a # 0, show that the kernel of the 
map a: C/L— C/L’ is isomorphic to L'/aL. 


14.7. Complete the proof (begun in (14.10)) that 


(x > (ee Sh) 


defines the isogeny of y* = 4x — 30x — 28 given by complex multiplication 
by /—2. Hint: use the discussion surrounding (10.21) and (10.22). 


14.8. Let E be an elliptic curve the finite field F,, and for any extension F, C L, 
define Frob, : E(L) —-> E(L) by Frob,(x,y) = (x1,y?). 


(a) Show that Frob, is a group homomorphism. 


(b) Show that Frob, is not of the form (R(x), (1/a)R’(x)y) for any rational 
function R(x). 


14.9, Formulate and prove a version of Proposition 14.9 that applies to lattices L 
and L’ such that aL C L’ for some a € C*. 


14.10. Use Theorem 11.23 to prove Proposition 14.11. 
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14.11. 


14.12. 


14.13. 


14.14. 


14.15. 


14.16. 
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If E is an elliptic curve over F,, then prove that |E(F,)| <2q+ 1. Hint: given 
x, how many y’s can satisfy y* = 4x> — gox — 93? 


If E is an elliptic curve over F,, then show that 


E(F,) =ker(Frob, : E(F,) > E(F,)), 


where F, is the algebraic closure of F,. Hint: for x € F,, recall that x € F;, if 
and only if x? = x. 


This exercise is concerned with the relation between Gauss’ claim (14.17) 
and Theorem 14.16. 


(a) Verify that the transformation (x,y) > (3x/(1+y),9(1 — y)/(1 +)) 
takes the curve x? = y>+ 1 into the elliptic curve E defined by y* = 
4x3 — 27. 


(b) The projective version of (a) is given by (x,y,z) +> (3x,9(z—y),z+y). 
Check that (0,—1) on x? = y?+1 is the only point that maps to co = 
(0,1,0) on E. 


(c) Check that x? = y? + 1 has three points at infinity. Hint: remember that 
p=1mod 3. 


(d) Show that E has complex multiplication by Z[w], w = e?/3. Hint: see 
Exercise 10.17. 


The last entry in Gauss’ mathematical diary says that for a prime p = | mod 4, 


If p =a’ +b’ and a+ biis primary, then N = p — 2a — 3, where 


N is the number of solutions modulo p of x” + y? +x’y? = 1 mod p. 


Show that this is a special case of Theorem 14.16. Hint: use the change 
of variables (x,y) + ((1 +x)/2(1 — x), (1 +.7)y/(1 — x)) to transform the 
curve x? + y?+ xy = 1 into the elliptic curve y* = 4x° +x. See the discussion 
surrounding (4.24) for more details and references. 


Prove that p does not divide the discriminant of the order ©, defined in the 
proof of Theorem 14.18. 


Let E be an elliptic curve over a field K, and assume that its j-invariant j is 
different from 0 and 1728. Then define k € K to be the number 


ee 
~ J—1728° 


Then show that the Weierstrass equation for E can be written in the form 
y = 4 — kx — cok 


for a unique c € K*. Hint: c = g3/g2. 


14.17. 
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Let © be an order in an imaginary quadratic field, and let p be a prime not 
dividing the conductor of O. If x € O satisfies N() = p, then prove that all 
solutions a € O of N(a) = p are given by a = em or em for € € O*. Hint: 
this can be proved using unique factorization of ideals prime to the conductor 
(see Exercise 7.26). 


Let E, be one of the collections of elliptic curve over F, which appear in 
the proof of Theorem 14.18, and let j denote their common j-invariant. By 
Exercise 14.16, note that E, consists of all elliptic curves over F, with this 
j-invariant. 


(a) If 7 4 0, 1728, show that the curves break up into two isomorphism 
classes, each consisting of (p — 1)/2 curves. Hint: consider the subgroup 
of squares in F> . 

(b) If j = 1728 and p = 1 mod 4, then show that there are four isomorphism 
classes, each consisting of (p — 1) /4 curves. 


(c) If 7 = 0 and p = 1 mod 3, then show that there are six isomorphism 
classes, each consisting of (p — 1)/6 curves. 


In this exercise, we will sketch two proofs that there are g(q— 1) elliptic 
curves over the finite field F,. As usual, g = p*, p > 3. 


(a) Adapt the proof of Exercise 14.16 to show that there are q possible j- 
invariants for elliptic curves over F,, and show that there are g — 1 curves 
with a given j-invariant. This gives g(q — 1) elliptic curves. 

(b) A second way to prove the formula is to show that there are exactly q 
solutions (g2,g3) € F? of the equation g3 — 27g3 = 0. We can write this 
as (g2/3)? = g3, and after excluding the trivial solution (0,0) we need 
to study solutions of u? = v in the group F7. So prove the following 
general fact: if G is a finite Abelian group and a,b € Z are relatively 
prime, then the equation u* = v? has exactly |G| solutions in G x G. 


Let ©’ be an order in an imaginary quadratic field. Given a integer m which 
isn’t a perfect square, show that 


{a € O' : N(a) = m}| =2 S x(a); 
O<|al<2Vmi 
where x(a) is defined by 


(aes 1 if O' contains a root of x2 —ax+m 
x4) =) otherwise. 


Use Theorem 14.26 to show that when Conjecture 14.27 is true, there is a 
constant c3 > 0 such that for all sufficiently large primes J, there are at least 


i= 15 
“3” (ogi)? 


elliptic curves E over F; with |E(F;)| twice a prime. 
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Let y? = 423 — gx — g3 be an elliptic curve E over K of characteristic 4 2, 3. 
P' 


(a) Use (14.7) to show that the elements of order 2 of E(K) are the points 
(a,0), where a € K is a root of 4x7 — gox — g3. 

(b) Assume that g3 = 0. If (A,B) € E(K) with B 4 0 and (x,y) = 2(A,B), 
then use (14.7) to show that 


x= 4A” + 82 ‘ 
4B 


Let E be the elliptic curve defined by y* = 4x° — 48x. The discriminant of E 
is A = (—48)3 = —2!233, so E has good reduction modulo primes > 3. Note 
also that E has complex multiplication by Z[i] and that P = (—2,8) is a point 
of E(Q). In this exercise, we will assume that g = 2 — 1 is prime, where 
k > 3. Let E be the reduction of E modulo q. Note that g = 7 mod 24. 


(a) Show that E is supersingular. Hint: if not, use Theorem 14.14 to show 
that Frob, € Z[i]. Then consider degrees. 

(b) By (a) and Proposition 14.15, |E(F,)| =q+1=2*. Use Exercise 14.22 
to show that (0,0) is the unique element of order 2 of E(F,) and conclude 
that E(IF,) is cyclic. Hint: compute (12/q). 

(c) Prove that (—2,8) € E(IF,) generates E(F,). Hint: assume not and use 
Exercise 14.22 to show that —2 is a square in F,. Then compute (—2/q). 


Consider the Mersenne number g = 2" — 1, k an odd prime. We give a method 
due to Gross [A12] to test whether q is prime using the the elliptic curve E of 
Exercise 14.23. Let E be the reduction of E over the ring Z/qZ. It is easy to 
see that E is an elliptic curve over Z/qZ. Note also that (—2,8) € E(Z/qZ). 
Now the method: set P; = (—2,8) and successively compute Pp = 2Pe_; in 
E(Z/qZ) for £ > 2. Stop when one of the following scenarios occurs: 


A: Py is defined for all 2 < k—1 and k_; = (0,0). 
B: Pp is defined for all 2< k— 1 and R_; # (0,0). 
C: Pe is undefined for some £ < k — 1 (see the discussion following (14.22)). 


(a) Show that g cannot be prime in scenario B or C. Hint: Exercise 14.23. 
Also note that in a cyclic group of order 2*, an element a generates if and 
only if 2*~'a is the unique element of order 2. 

(b) It remains to show that q is prime in scenario A. Following Gross [A12], 
let p be a prime divisor of q and let E be the reduction of E over F,. 


(i) Show that (—2,8) € E(F,) has order q+ 1. Thus |E(F,)| >q+1. 
(ii) Apply the Hasse bound (Theorem 14.12) to E to show that p = q. 


In [A12], Gross uses the elliptic curve Y? = X3— 12X, whichis isomorphic to 
the above curve E via (X,Y) = (x,y/2). Gross also gives a more elementary 
version of the above method that highlights the relation with the clissica) 
Lucas—Lehmer Test for primality of Mersenne numbers. 
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§15. SHIMURA RECIPROCITY 


One step in the proof of Theorem 12.24 from §12 is the formula 
(15.1) o(fi(v—m)°) = fi(aw=m)®, 


where m = 6 mod 8, f; is one of the Weber functions, o is in a certain Galois group, 
and = ( ; ZA As we remarked after the proof, (15.1) shows how the Galois action 
on a special value of a modular function is given by an element of SL(2,Z). We also 
noted that this was a special case of the Shimura Reciprocity Theorem. 

In this section, we will state versions of Shimura reciprocity that apply to ring 
class fields and what we call extended ring class fields. We will then re-prove some 
of the results from §12 using Shimura reciprocity. Our exposition is based on the 
work of Peter Stevenhagen and Alice Gee [A10, Al1, A23] and Bumkyo Cho [A6]. 


A. Modular Functions and Shimura Reciprocity 


Earlier in the book, we used modular functions for the congruence subgroup T'o(7m). 
For Shimura reciprocity, we instead use the congruence subgroup 


['(m) = {7 € SL(2,Z) : y =I mod m}, 


where J is the 2 x 2 identity matrix. Thus I‘(m) is the kernel of the reduction map 
SL(2,Z) > SL(2,Z/mZ). 

A modular function of level m is a function f defined on the upper half plane 6, 
except for isolated singularities, which satisfies the following three conditions: 


(i) f is meromorphic on }. 
(ii) f is invariant under I'(m). 
(iit) f is meromorphic at the cusps. 


These conditions are similar to the corresponding definition for [o(m) from §11. To 
explain (iii), note that f(y(7 +_m)) = f(77) for y € SL(2,Z) since (}) € P'(m) 
and ['(m) is normal in SL(2,Z). As in §11, this gives the g-expansion 


co 


for)= Yo ag’, q=e. 


n=—0oO 


Then “meromorphic at the cusps” means that for all 7 € SL(2,Z), this expansion has 
only finitely many terms with negative exponents. 

Rather than work with all modular functions of level m, we will work with the 
set F,, of all modular functions of level m whose q-expansions have coefficients 
in Q(Cn)s Gm = @27/™. In Exercise 15.1 we will show that F,, is a field and that 


F, = Qj). 
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For an example of a modular function, consider the Weber functions f;(7) from 
§12. In Proposition 12.25 we showed that f,(87)° is a modular function for P'9(32). 
Here is a similar result for f; (7)? and f,(7)°: 


Proposition 15.2. f;(7)* € Fog and f,(r)® € Fs. 


Proof. Recall the group I'9(2)' = {(44) : b=0 mod 2} introduced in the proof of 
Proposition 12.25. In (12.26), we showed how f;(7)° transforms under elements of 
T'9(2)'. For f:(r)*, we need the formula 


— tab+ce(d(t—a’)—a) 


(15.3) ign =. fi(r)? 


when ¥ = (4%) €1o(2)'. This follows from the transformation law for the Dedekind 
y-function given in Schertz [A19]. See Exercise 15.2 for the details. 

The formula (15.3) makes it easy to see that f, (7)? is invariant under I'(24). To 
complete the proof of f,(7)? € F24, we need to study what happens at the cusps. We 
will do this in Exercise 15.2 using the methods of the proof of Proposition 12.25. 

In Exercise 15.2 we will show that f;(7)° € Fg by asimilar argument. Q.E.D. 


Given + € SL(2,Z), the map f(r) + f7(r) = f(q7) is easily seen to be an au- 
tomorphism of F,,, which is the identity on F,(¢,,). Since every f € F,, is invariant 
under +I'(m), we get a homomorphism 


(15.4) SL(2,Z/mZ) / {+I} — Gal(Fn/F,(G,,))- 
This sets the stage for the following well-known result (see Lang [73, p. 66]): 


Theorem 15.5. F,, is a Galois extension of F\(¢,,) and the above homomorphism is 
an isomorphism, i.e., 


SL(2,Z/mZ) / {+1} ~ Gal(Fn/F,(¢,,)). QED. 


We regard this Galois group as acting geometrically on modular forms. For an 
example, recall from §12 that f2(r) = fi(—1/7) = fi(St) =f? (7), where S = (9 ~). 
It follows from Proposition 15.2 that f2(7)? € F24 and f2(r)® € Fs. 

We can also compute the Galois group of F,, over F,. An integer d relatively 
prime to m gives (}9) € GL(2,Z/mZ). This matrix acts arithmetically on the coef- 
ficients of the g-expansion of f € F,, via the Galois automorphism that takes ¢,,, to 
Ce Then, as described in Lang [73, p. 66], we have the following result: 


Theorem 15.6. F,,, is a Galois extension of F, with Galois group 
GL(2, Z/mZ) / {+1} ~ Gal(F,,/F,), 


where the isomorphism combines the geometric action of SL(2,Z/mZ) / {+1} from 
(15.4) with the arithmetic action of (},9) € GL(2,Z/mZ) described above. Q.E.D. 
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For Shimura reciprocity, we need to consider modular functions of all levels. De- 
fine the field of modular functions to be the union 


Since F is an infinite Galois extension of F,, its Galois group is the inverse limit 


Gal(F/F,) = lim Gal(F,,/F,) 
(15.7) ~ lim GL(2,Z/mZ) / {£1} ~ GL(2,Z) /{+1}, 


where the second line uses Theorem 15.6, and Z is defined by 


a 


Z = lim Z/mZ. 
‘mn 


This is sometimes called the profinite completion of Z since the limit is over all finite 
quotients of Z. A more concrete description of Z is given by the infinite product 


(15.8) Z=|[Z,, 
P 
where Z, is the ring of p-adic integers. 
We also need the group Gal(F/Q) of all automorphisms of F. The group 
GL(2,Q)* = {7 € GL(2,Q) : det(y) > 0} 


acts naturally on F, since given f € F and y € GL(2,Q)", the transformed function 
f7(7) = f(T) is still a modular function, but possibly of a different level. To see 
why, first note that multiplying y by an integer does not change its action on h. Hence 
we may assume that has integer entries. Let N = det(), which is positive since 
7 € GL(2,Q)*. In Exercise 15.3, we will show that 


0 (mN)y~' CT (m). 


This makes it easy to see that if f € F,,, then f7 is invariant under '(mN). We will 
show that f7 € F,,xv in Exercise 19.3, 
To combine the actions of GL(2,Z) and GL(2,Q)t* on F, we use the ring 


and the obvious maps 


GL(2,Z) —> GL(2,Q) 
GL(2,Q)*+—+ GL(2,Q). 


We now have everything we need to describe Gal(F/Q). 
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Theorem 15.9. 


(i) Every element y € GL(2,Q) can be written as y = uv for u € GL(2,Z) and 
v € GL(2,Q)*. 


(ii) fH f? = (f")” gives a well-defined action of GL(2,Q) on the field F such 
that the subgroup Q*I C GL(2,Q) acts trivially on F. 


(iii) This action induces an isomorphism 
GL(2,Q) /Q*I ~ Gal(F/Q). 


Proof. See Lang [73, §7.2, Theorem 6]. Q.E.D. 


Remark. The decompostion y = uv from part (i) of the theorem is not unique since 
GL(2,Z) NGL(2,Q)* = SL(2,Z). But the action defined in part (ii) can be shown 
to be well-defined. We note also that (15.8) gives an injective map 


(15.10) GL(2,Q) — ]]GL(2,Q,) 


P 


whose image consists of all y = (yp) € I], GL(2,Q,) such that yp) € Il, GL(2,Z,) 
for all but finitely many p (see Exercise 15.4). 


Theorem 15.9 describes the modular action of GL(2,Q) on F. This action is the 
first key player in Shimura reciprocity. The second key player comes from the idelic 
Artin maps (8.22) from the end of §8. These are the surjective maps 


Oi /k :Cx =Ik/K* —+ Gal(L/K), 


where Ix is the idele group of the number field K and K C L is an Abelian Galois 
extension. When we consider all such extensions of K, we get the maximal Abelian 
extension K*, One can think of K®? as the union of all subfields of C that are finite 
Abelian Galois extensions of K. The maps ®; /x fit together to give a surjection 


(15.11) }x : Cx —> Gal(K”/K). 


The resulting map Ix —> Gal(K“/K) is the idelic action of the idele group Ix on K”. 
We can now state Shimura reciprocity. Proofs can be found in Lang [73, Ch. 11] 
and Shimura [90, Thm. 6.31]. 


Theorem 15.12 (Shimura Reciprocity). Let K be an imaginary quadratic field and 
fix T €KMb. Then f(t) € K® for any modular function f € F such that f(t) 
is defined. Furthermore, if an idele x € 1x maps to o € Gal(K®/K), then there is 
8m(x~!) € GL(2,Q) such that 


o(f(t)) = fe (7). Q.E.D. 
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Shimura reciprocity thus consists of two miracles: first, that f(7) € K%, and 
second, that given an idele x € Ix, then there is g,,(x~!) € GL(2,Q) such that the 
idelic action of x on f(7)) € K® is given by the modular action of g,,(x~') on f, 
followed by evaluation at 79. 

There is also an explicit idelic description of g,,(x~!) which we will give later in 
the section. 

In spite of its elegance and evident power, Shimura reciprocity is not easy to use as 
stated in Theorem 15.12. Hence our next task is to explore some more user-friendly 
versions of the theorem due to Stevenhagen and Gee [A10, All, A23]. 


B. Extended Ring Class Fields 


Let O be an order of conductor f in an imaginary quadratic field K. In §9, we in- 
troduced the ring class field of O, denoted here by Lo. This field is determined 
via the Existence Theorem of class field theory (Theorem 8.6) by the subgroup 
Px z(f) C Ix(f) generated by principal ideals aOx € Ix(f) where a =a mod fOx 
for some a € Z (see Proposition 7.22). This implies that 


Gal(Lo/K) ~ Ix(f)/Px,z(f) ~ C(O), 


where C(©) is the class group and the final isomorphism is from Proposition 7.22. 
The goal of this section is to describe some interesting Abelian extensions of Lo 
indexed by positive integers m. Following Cho [A6], we define 


Px,z,m(fm) C Ix(fm) 


to be the subgroup generated by the principal ideals aOx € Ix(fm) where a € Ox 
satisfies 
a =amod fmOx for some a € Z with a= 1 mod m. 


Since this subgroup obviously contains Px ;( fm), the Existence Theorem mentioned 
above gives an extension Lo,, of K with Galois group 


Gal(Lo,m/K) ~ Ix(fm)/Px,z,m(fm). 


We call Lom the extended ring class field of level m. Note that Leo, m is the ray class 
field of modulus m. The field Lo», is related to the ring class field Lo as follows: 


Lemma 15.13. Lo» is a Galois extension of Lo, and there is an exact sequence 
O* —> (O/mO)* — Gal(Lom/Lo) — 1. 

Proof. First observe that Ix(fm) C Ig(f) induces an inclusion 
Tx (fm) /(IL(fm) 0 Px,2(f))  Ix(f)/Px,2(f) 

which is actually an isomorphism (see Exercise 15.5). Hence 


Gal(Lo/K) ~ Ix(fm)/(Ik(fm) 1 Px,z(f)). 
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The inclusion Lo C Lom follows from Px zm(fm) C In (fm) Px,z(f) by class field 
theory. Then the above isomorphisms for Gal(Lo /K) and Gal(Lom/K) imply that 


Gal(Lo,m/Lo) = ker(Gal(Lom/K) > Gal(Lo/K)) 
~ (Ix(fm) OPx,2(f))/Px,z,m(fm). 
Hence it suffices to show that we have an exact sequence 
(15.14) O* —+ (O/mO)* —> (Ix (fm) Px,z(f))/Px,z,m(fm) — 1. 


An elementary argument (see Exercise 15.5) shows that any class in (O/mO)* 
can be represented by a € O relatively prime to fm. Such an a gives the ideal aOx € 
Ix(fm). To show that aOx € Px z(f), we follow the proof of Proposition 7.22. 
Write Ox = [1,wx], so that O = [1, fwx]. Then a =a+bfwe for a,b € Z, and 
a =amod fOx follows. This shows that aOx € Ix(fm)M Px,z(f). 

We next observe that aOx € Px,z,m(fm) when a is relatively prime to fm and 
satisfies vw = 1 mod mO. This is easy to see, since the congruence gives a = 1+ mf, 
and then writing 8 =c+dfwx for c,d € Z shows that a = 1+mc mod fmOx. It 
follows that aOx € Px ,z,m(fm). 

Next suppose that a: = 6 mod mO with a, f relatively prime to fm. Then we can 
find 6 € O with 66 = 1 mod fmO. This implies ad = 86 = 1 mod mO. By the 
previous paragraph, we obtain 


aOx -5OK = AdOK € Px z,m( fm) 
BOx -dOx = BbOx € Pr z,m(fm). 


If follows that aOx and BOx are equal modulo Px z,m(fm). 

Hence we have a well-defined map (O/mO)* > (Ig (fm) NPx,z(f))/Px,z,m( fm). 
For surjectivity, note that Ix (fm) Px,z(f) C In(fm) is generated by the principal 
ideals @Ox € Ix (fm) where a € Ox satisfies 


a=amod fOx for somea€ Z 


(see Exercise 15.5). This congruence implies a € O, and surjectivity follows. 

To prove that the sequence (15.14) is exact at (O/mO)*, assume that a € O maps 
to aOK © Priz.m(fm). Then a@Ox = BOx, where 6 € Ox satisfies 8 = a mod fmOx 
and a = 1 mod m. Since fOx C O, we see that 8 € O and 6 = 1 mod mO, We also 
have aO = GO by Proposition 7.20 since a and f are relatively prime to f. Hence 
a = uf for some u € ©*, and the desired exactness follows easily. Q.E.D. 


A pleasant surprise is that for the order O = Z[,/—n], the problem of p = x? +ny” 
has an interesting relation to extended ring class fields discovered by Cho [A6]: 


Theorem 15.15. Let n and m be positive integers. Then there is a monic irreducible 
polynomial fn m(x) € Z|x| such that if an odd prime p divides neither nm nor the 
discriminant of frjm(x), then 


p =x +ny’ with (—n/p) =1 and frm(x) =0 mod p 
= : ‘ : 7 
x=1modm, y=Omodm has an integer solution 
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Furthermore, fnm(x) may be taken to be the minimal polynomial of a real algebraic 
integer a for which L = K(a) is the level m extended ring class field of the order 
Z|./—n] in the imaginary quadratic field K = Q(./—n). 


Proof. The proof is similar to the argument used to prove Theorems 9.2 and 9.4. The 
conductor f of O = Z[,/—n] is determined by the equation —4n = f?dx. Now let p 
be an odd prime not dividing nm. Then p is unramified in Lo,,. Furthermore, 
p=x+ny’ with x = 1 modm, y=0modm 
<=> pOx = pp, p= (x+ V—ny)Ox, x= 1modm, y=0modm 
<=> pOx = pp, p=aOx, aC O, a=1 mod mO. 


Since p is relatively prime to fm, the proof of Lemma 15.13 shows that the last 
condition is equivalent to p € Px,z,m(fm). From here, the rest of the proof follows 
as in the proofs of Theorems 9.2 and 9.4. We leave the details as Exercise 15.7. See 
also Cho [A6, Theorem 1]. Q.E.D. 


We will give an example of this theorem very shortly. 


C. Shimura Reciprocity for Extended Ring Class Fields 


Let K be an imaginary quadratic field K. A point 7) € Kb is a root of ax*+bx+c, 
where a,b,c € Z are relatively prime with a > 0. Recall from Theorem 7.7 that the 
lattice [1,79] is a proper ideal for the order O = [1,a79]. 

Given a modular function f € F, Shimura reciprocity implies that f(7o) lies in 
some Abelian extension of K. We saw examples in §12 where f(70) lay in the ring 
class field Lo. This is not true in general, but we still have the following very nice 
consequence of Shimura reciprocity: 


Theorem 15.16. Fix 7) and O be as above and assume that f(t) is defined for a 
modular function f € Fm, Then f (70) € Loym- 


We will defer the proof until later in the section. We also note that a stronger 
result holds, namely 


Lom = K(f (70) : f € Fm is defined at 7). 


See Cho [A6, Theorem 4] for a proof. 

Here is an example from [A6] that illustrates Theorems 15.15 and 15.16. Consider 
K = Q(i) and let O = Ox = Z[i]. Then Lo = K since h(O) = 1. It follows from 
Lemma 15.13 that L = Lo ,5 has degree 4 over K. 

We can apply Theorem 15.15 to any element of F;. For example, consider the 
Rogers—Ramanujan continued fraction 
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As explained by Duke [A9], r(7) is invariant under I'(5), and it also has a rational 
q-expansion because of the amazing identity proved by Rogers: 


a nv(2) 
r(r) =q'* [Ja-a)", 
n=1 


where (5/7) is built from the Legendre and Kronecker symbols in the usual way. The 
transformation formulas for r(r + 1) and r(—1/7) from [A9, Proposition 2] imply 
that r(7) € Fs, and then applying Theorem 15.16 with 7 = i gives r(i) € L. 

In his first letter to Hardy in 1913, Ramanujan gives the value 


ne e72n/5 = 5+V5_ V5+1 
~1 e7l" ~ 2 2 


eae 


for the continued fraction. This is a root of the quartic x* + 2x? — 6x” — 2x+ 1, which 
is irreducible over K. It follows that 


L=Los=K(r(i). 


Since the discriminant of x4 + 2x3 — 6x* — 2x+ 1 is 32000 = 2853, it follows from 
Theorem 15.15 that for any prime p > 5, we have 


x4 +233 — 6x? —2x+1=0mod p 


{ p=x+y°’ with 
has an integer solution 


p =i mod 4 and 
Pr Paar as 


See Exercise 15.24 for a different approach to this example. 

Now suppose that we are in the general situation of Theorem 15.16 and want to 
know whether or not f(7) € Lo,m lies in the smaller ring class field Lo. Hence we 
need to understand how the Galois group Gal(Lo m/Lo) acts on f (70). 

This is where Shimura reciprocity enters the picture. There are three ingredients: 


(i) The exact sequence O* — (O/mO)* — Gal(Lom/Lo) — 1 described in 
Lemma 15.13. 


(ii) The action of GL(2,Z/mZ) on F,, described in Theorem 15.6. 

(iii) The map g,, : (O/mO)* — GL(2,Z/mZ) given by the action of (O/mO)* 
on Z/mZ1+Z/mZ. To describe this map, recall that O = [1,a7o] and take 
u=A-+ Bato € (O/mO)* with A,B € Z/mZ. Then one computes that 


u-T) = (A+ Bato)T| = (A—bB)-™m—-Bc-1 
u-1 =(A+Bato) 1 = aB-7 + A-1 
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since a7 + bt +c =0. Then define 


a lu= A-—bB —Bc 
“)—=\ GB A 


) € GL(2,Z/mZ). 


This is the transpose of the matrix representing multiplication by u with respect 
to the basis consisting of 7 and 1. The matrix is invertible since u € (O/mO)*. 
Note that if u = [8] € (O/mO)’, then det(g,, (u)) = [N(8)] in (Z/mZ)*. 


We now state a version of Shimura reciprocity taken from Stevenhaged [A23] that 
is optimized for the extended ring class field Lo jm: 


Theorem 15.17 (Shimura Reciprocity for Lom). Fix f € Fm. Let 7, O and g,, be 
as above and assume that f (1) is defined. If o, € Gal(Lo,m/Lo) corresponds to 
u € (O/mO)* under the exact sequence of (i) above, then 


ou(F(7)) = F870) (79). 


As with the Theorem 15.16, we defer the proof until later in the section. Here is 
an application that shows how easy Theorem 15.17 is to use: 


Theorem 15.18. /f m = 6 mod 8, then f,(./—m)® € Lo for O = Z[,/—m. 


Proof. This was proved earlier in part (i) of Theorem 12.24 via an ad-hoc argument 
using I9(32). Here we use I'(8) and Shimura Reciprocity with 7 = /—m. 

For simplicity, set L = Lo and Lg = Log. Since f;(r)® € Fg by Proposition 15.2, 
we have f;(./—m)® € Lg by Theorem 15.17. We also have the exact sequence 


O* + (O/80)* - Gal(Lg/L) > 1 


from Lemma 15.13. One can check that O* = {+1}, and m = 6 mod 8 implies that 
(O/80)* is generated by 1, 3 and 1+ ./—m (see Exercise 15.8). Thus Gal(Lg/L) is 
generated by 0, and 0), /—,. By Shimura reciprocity, the theorem will follow once 
we prove that f,(7)° is invariant under the matrices g y—;(3) and g ,—,(1 + V—m) 
from Theorem 15.17. 

This is easy, since 3 and 1 + \/—m give the matrices 


€ a) (; 7) € GL(2,Z/8Z). 


The matrix for 3 is obvious, and the matrix for 1 + ./—m comes from the computation 
(1+ JV-m)-J/-m=1-/-—m—m-1=1-/-m-6-1 
(1+V—m)- 1 ot /RAhL, 


where the first line uses m = 6 mod 8. 
The matrix for 3 lies in SL(2,Z/8Z), so we lift it to y € SL(2,Z) and compute 
fi(yr)®. Cubing the transformation law (15.3) for f;(7)? implies that 


fi(yr)® =j —fab+ce(d(1— —a’)— —9) f(r) 
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when + = (42) with b even. Changing a,b,c,d by multiples of 8 doesn’t affect the 
power of i in the right-hand side of the transformation law, so we don’t need to lift— 
we can use the matrix (39) in the right-hand side. One computes the power of i to 
be i? = 1, so that f,(7)°® is invariant under 3 /—,(3). 


The matrix for | + ./—m does not lie in SL(2,Z/8Z), so we factor it as 


¢ 8) = (i 2) G =) ¢ $) esui2,z/82). 


Note that (j _?) € GL(2,Z) acts trivially on f1(r)® since its g-expansion has rational 
coefficients. Arguing as for 3 allows us to use (; _$) € SL(2,Z/8Z) in the right- 
hand side. For this matrix, the power of i is i~ 26-1 — 1, Hence f1(7)° is also invariant 
under % /—,(1 + /—m). This completes the proof of the theorem. Q.E.D. 


As noted in the proof of part (i) of Theorem 12.24, once we have f;(,/—m)* € Lo, 
we get the equality 


(15.19) Lo = K(f(/—m)") when m = 6 mod 8. 


In Exercise 15.9, we will use Shimura reciprocity to prove part (ii) of Theorem 12.24, 
which asserts that Lo = K(f(./—m)*) when m = 3 mod 8. 

The papers [A10] by Gee and [A19] by Schertz give numerous examples of values 
of modular functions that lie in ring class fields. See also the papers [A8] by Cox, 
MCKay and Stevenhagen and [A 13] by Hajir and Rodriguez- Villegas. 


D. Shimura Reciprocity for Ring Class Fields 


By Theorem 11.1, the j-invariant of an order © in an imaginary quadratic field K 
gives the ring class field Lo = K(j(O)). We also saw in Corollary 11.37 that given 
a proper O-ideal a, there is a unique 0, € Gal(Lo@/K) such that 


a(j(b)) = j(ab) 


for all proper O-ideal 6, and furthermore, the map a+> a, induces the isomorphism 
C(O) ~ Gal(Lo /K) given by class field theory. 

We now tackle the general problem of describing o4(f(7)) when f is a modular 
function such that f(7) € Lo. Before explaining how this works, let’s recall a par- 
ticular case studied in §12. Suppose K = Q(./—14) and O = Ox, so that L = Lo is 
the Hilbert class field of K. The element of order 2 in Gal(L/K) ~ C(O) ~ Z/4Z is 
o = 0, for a = [2, /—14]. In our computation of j(—14) in §12, one of the key 
steps was to prove that 


o(fi(v~14)*) = fa(v—-14/2)°. 


The proof given in the discussion following (12.30) was an ad-hoc argument using 
the ring class field of O’ = [1,4./—14]. One goal of this section is to give a better 
proof that uses Shimura reciprocity to describe the Galois action on Lo. 
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It turns out to be more convenient to describe og(f(7)). Written this way, the 
above formula for the Galois action on j(b) becomes 


(15.20) oa(j(6)) = j(ab). 


We will assume that 7 is chosen so that O = [1,70], which is a case that occurs often 
in practice. Turning to the proper O-ideal a, we will assume that 


7 € his a root of ax*+bx+c 


ve a=all,n];, where ie a,b,c € Z relatively prime, a > 0. 


Lemma 7.5 implies that O = [1,a7,], and Theorem 7.7 guarantees that such ideals a 
represent all ideal classes in C(O). Note that N(a) =a, so that a~! = (1/a)a. 

In this situation, we get the following version of Shimura reciprocity due to 
Stevenhagen and Gee (see [A10, Al1, A23}): 


Theorem 15.22. Let 7, a and 7, be as above and assume that f € F with f (7) € Lo. 
Then there is an explicitly computable u € GL(2,Z) such that 


oa(f(7)) = f"(71). 
For example, applying Theorem 15.22 to f = j implies that 
oa(j(70)) = i(71) 


since j is invariant under GL(2,Z) by Theorem 15.6. Using O = [1,79] and a = 
a[1,7,], this becomes 

oa(j(O)) = ja), 
exactly as predicted by (15.20). 


Proof of Theorem 15.22. Our first task is to describe the matrix u € GL(2,Z) men- 
tioned in the statement of the theorem. This is where adeles and ideles enter the 
picture in a serious way. Define 


O=0872 


and recall that Z= I], Zp. Since O is a free Z-module, we have O=T] p Op for 
O, =O &z Zp. We call O the ring of O-adeles, and its group of units O* is the 
group of O-ideles. Note that O* = |], O5. 


Lemma 15.23. Given a proper O-ideal a, there is an O-adele x € O such that 
aSz Z= xO. 
Furthermore, x is unique up to multiplication by an O-idele in Or. 


Proof. Since ais a free Z-module of rank 2, we have 


a@zZ= [[¢22Z,. 
P 
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Hence it suffices to find x, € O, such that 
a®@z Zp = XpOp.- 


We can assume that a = [a,a7)] and O = [1,a7)] as in (15.21). Following Gee [A10], 
we will show that 


a pta 
(15.24) Xp = 4 avy p|aand p{c 
a(7m — 1) p|aand p|c. 


When p{a, then a is invertible in Z,, which takes care of this case. When p{c, then 
at,O =a7;[1,a7] = [at1,a(az?)] = [ar1,a(—b7; — c)] = [ari, ac]. 


Since c is invertible in Z,, ar1O, = [at ,ac| ®z Zp = (aT), a] @z Zp = 4 Bz Zp... Fi- 
nally, when p | a and p | c, we must have p { b. We leave it as Exercise 15.10 to show 
that 

a(7) — 1)O = [a(1 — 1),a(at+b+c)]. 
Since a+ b+ c is invertible in Z,, we have a(7 — 1)Op, = [a(71 — 1),a] ®z Zp = 


[a7;,a] @z Zp = a®zZ,. This proves the existence of x. Uniqueness is covered in 
Exercise 15.10. Q.E.D. 


By this lemma, the ideal a gives x € O. It is clear that @ gives X, and since 
aa = N(a)O = aO, Lemma 15.23 implies that 


(15.25) x¥ea-O*. 
It follows that x is invertible once we invert a. Let 
K=08zQ. 
Using 6=0 @z Z, we have isomorphisms 
K ~082Z82Q~K@z2Z~082Q 


since Q =Q&z Zand K ~ O@z Q. We call K the ring of K-adeles, and its group of 
units K* is the group of K-ideles. (Strictly speaking, these are the finite K-adeles and 
K-ideles, as we will see later.) For simplicity, elements of K and K* will be called 
adeles and ideles, respectively. Then (15.25) implies that XE K*, *, Le., x is an idele. 
The next step is to describe the matrix g,,(x) € GL(2, Q) that appears in the ver- 
sion of Shimura reciprocity stated in Theorem 15.12. Multiplication by x gives a 
homomorphism x : O — O, and g,, (x) is the transpose of the matrix of this map 
with respect to the basis 70,1 of free Z- oe O. More concretely, if we write 
x=A+Br forA,BE Z, then the equation 73 + bt) +c = 0 implies that 


XT) = (A+B) = (A—DB)-7—Be-1 


(15.26) 
x-1=(A+B7)1= B-™| + A+-1. 
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This gives 


A-bB —Bc 
8rr9(X) = B A ? 


just as in the discussion leading up to Theorem 15.17 (remember that a = 1 by our 
assumption that O = [1,79]). 


Lemma 15.27. g,,(x) € GL(2,Q). 


Proof. Multiplication by the idele x € Ke gives an isomorphism x : K 3K. Since 
K~O Oz Q, K isa free @-module of rank 2 with basis 7,1, so the matrix of x lies 
in GL(2, Q). Then we are done since g,,(x) is the transpose of this matrix. Q.E.D. 


Now that we have g,,(x), we need to write it as g,,(x) = uv with u € GL(2,Z) 
and v € GL(2,Q)* as in Theorem 15.9. Looking back at (15.24) and (15.26), we see 
that x was computed using 7; while g,,(x) used 7. Since O = [1,a7;] = [1,70], there 
is an integer € such that at; = 7 + @ (see Exercise 15.11). Then the matrix 


_ ({ :) € GL(2,Q)* 


has the property that 
Toth ary 
VT9 = = STI. 
a a 
We claim that 
(15.28) u=g,(x)v7! € GL(2,Z). 


Once we prove (15.28), we will have the desired decomposition g,, (x) = uv. 
Multiplication by x is a Q-linear map x : K — K with the following properties: 


(i) xO =a@zZ. 
(ii) The matrix of x with respect to the Q-basis 7,1 of K is the transpose of the 


matrix g,,(x). 


Now consider the Q-linear map T : K > K defined by T(t) = ar, and T(1) = 
This map has two properties: 


(i) T(O) =a@zZ. 


(ii) The matrix of T with respect to the Q-basis 70,1 of K is the transpose of the 
matrix v. 


Since x and T are isomorphisms of K and map O to the same thing, it follows that 
Tox: O— Oisan isomorphism. But Ois a free Z-module of rank 2, so the matrix 
of this isomorphism with respect to the basis 7,1 lies in GL(2, Z). This matrix is 
the transpose of g,,(x)v—!, and (15.28) follows. 
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To finish the proof, we need to show that 


oa(f(70)) = f"(11). 


This will be an easy consequence of Shimura reciprocity once we understand og 
from the idelic point of view. We will give the full explanation later in the section, 
but for now, the key points are as follows: 


(i) The idelic Artin map gives a homomorphism K* —> Gal(K®?/K). 


(ii) The argument of Lemma_15.23 generalizes to show that any proper fractional 
O-ideal b satisfies b ®z Z = yO for some y € K*, unique up to multiplication 
by elements of ©*. It follows that 6 +> y induces a well-defined map 


C(O) — R* /K*O* 


which is actually an isomorphism. This is the idelic representation of the class 
group. Hence any idele y € K* gives an ideal class denoted [yO] € C(O). 


(iii) Suppose that y € K* gives o € Gal(K®/K). Then for any b € [y©], we have 
o| Lo = %- 


Now we return to our situation where az Z = xO and 8x(x) = uv. Suppose 
that the idele x—! gives 0 € Gal(K”/K). Then Shimura Reciprocity, as stated in 
Theorem 15.12, implies that 


o(f(t0)) = F807) (79) = F870) (79) = f"’(70) = fF" (v70) = F4(T1) 


by our choice of v. However, ao! @z2Z a xO, so that in the above notation, we 
have [a~'] = [x~!O] in C(O). Since @ € [a~'], the above discussion implies that 


Tho =0q.- 


These equations give the desired result og(f(7)) = f“(71) since f(70) € Lo. 
The proof is now complete, except for the key points (i), (ii), (iii) listed above. 
These will be addressed later in the section. Q.E.D. 


Given a = [a,a7)] and O = [1,79], the version of Shimura reciprocity presented 
in Theorem 15.22 is very explicit. The process is easy: first compute x via (15.24), 
then compute g,, (x) via (15.26), and finally compute u = g,,(x)v—! by the formulas 
leading up to (15.28). 

Here is an especially nice example of how this works: 


Theorem 15.29. Let L be the Hilbert class field of K = Q(—14) and let o be the 
element of order 2 in Gal(L/K) ~ Z/4Z. Then §,(\/—14)? € L and 


o(fi(v—14)”) = fa(V-14/2)°. 
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Proof. Since L is the ring class field of Ox = [1, /—14], fi(/—14)° is contained in 
L by Theorem 15.18. We will first show that o(f;(/—14)®) = fo(V—14/2)°. 

The element of order 2 in C(Ox) ~ C(—56) ~ Z/4Z is represented by the ideal 
a = [2,./—14]. This follows, for example, from the reduced forms listed in (2.14). 
Hence the automorphism co in the statement of the theorem is 0 = og = 03. 

We have 7 = /—14 and 7; = /—14/2, so that 


(3) 


Since 7; is a root of 2x* +7, (15.24) implies that the associated idele x = (xp) is 


Pee 2 p#2 
P V—-14 p=2. 


When computing g,,(x) € GL(2,Q), it is most convenient to work one prime at a 
time using the injective map from (15.10) 


GL(2,Q) — [[GL(2,Q,), 
P 


where g,,(x) maps to an element of the product denoted (g,,(x,)). Then (15.26) 
with x, in place of x gives 


(6 2) =( 1) ) pH#2 
(P= (" GG 3) en? 


Then u = g,,(x)v~! is given by u = (up) € GL(2,Z) = I],GL(2,Z,), where 


€ H p#2 
(15.30) Up = 


0-7 
e a) Poe 


With this value of u, Theorem 15.22 implies that 
(15.31) o(fi(v—14)°) = ft(v—14/2)°. 


It remains to compute f¥(r)°. The key point is that fi(7)° € Fg by Theorem 15.2, 
so it is invariant under I'(8). Hence we only need u modulo 8 in order to compute 
f*(7)®. By (15.30), this means replacing u with 


(; O) (; 0) € GL(2,Z/82Z). 


Br (xp) = 
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To compute how this matrix acts on f,(7)°, we use the methods from the proof of 
Theorem 15.18. Write 


G ) = c =) « a ({ a) € SL(2,Z/8Z). 


The second matrix in the product gives the Galois action on the coefficients of the 
g-expansion of f,(7)°, which is trivial the coefficients are rational. The first ma- 
trix is the standard generator S = (}~4) of SL(2,Z). Since f{(—1/r) = f2(7) by 
Corollary 12.19, we see that 


fit(r)® = fi(r)’ =fa(r)*. 
Combining this with (15.31), we obtain 
(15.32) o(fi(W—14)°) = fil(—14/2)° = fp (W— 14/2)? = fa(V—14/2)°. 


In the proof of of Theorem 12.24, we showed that f;(./—14)* € L follows from 
f1(./—14)° € L, and then the discussion surrounding (12.32) shows how the theorem 
follows from (15.32). This completes the proof. Q.E.D. 


The situation encountered in Theorem 15.29 is especially simple because we only 
had to consider p = 2 since f\(7)° € Fg. When working with f € Fn, one needs 
to consider all primes p dividing m and use the Chinese Remainder Theorem to 
combine the corresponding u,’s into a matrix u, € GL(2,Z/mZ). Once we have 
Um, the next step is to write it as a product um = 7(49) with ¥ € SL(2,Z/mZ). 
Systematic methods for lifting 7 to y € SL(2,Z) are described in Gee [A10], and 
then Shimura reciprocity reduces to 


o(f(70)) = f"(n1) =f" (m1) 


when the g-expansion of f is rational. The papers [A10, All] by Gee and Steven- 
hagen give numerous applications of this approach to Shimura reciprocity. 


E. The Idelic Approach 


Our final task is to explain how our discussion of Shimura reciprocity relates to 
the idelic version of class field theory described in §8. We will focus on the ideas, 
omitting most proofs. 

For an imaginary quadratic field K, the idele group Ix introduced in §8 is the 


restricted product 
Ik =|] [Kp =C* x []"K; 
p p finite 
since an imaginary quadratic field has only one infinite prime, which is complex. 
Recall that []> means that x = (xp) € |], Kp lies in Ix if and only if x» € Ox, for all 
but finitely many p. 


E. THE IDELIC APPROACH 325 


In the imaginary quadratic case, the C* factor has no influence on the class field 
theory. For this reason, we use the finite idele group, which is the restricted product 


fin * x 
I K = II Ky > 
p finite 


where we now use only finite primes p C Ox. However, for an ordinary prime p € Z, 
we have isomorphisms 


[] 4 ~K 80Q, ~K @zZ,, 

pep 
where the product is over all primes p C Ox containing p. The first isomorphism is 
proved in Serre [A20, Chapter II, Theorem 1], and the second follows from Q, = 
Q®z Zp. Hence the finite ideles can be written as 


if TT (Ko22,)" 
P 
where IT, now means that x, € (Ox ®z Z,)* for all but finitely many p. 
To relate this to K = K ®z Z, note that the projection maps Z= I] p Lp — Zp give 
a canonical map 
K* — ||[(Ke22Z,)’. 


P 
In Exercise 15.12, we will show that this map is injective and that its image equals 
I] (K @zZ,)*. Thus 
K* ~] ]"(K@2Z,)*~ If. 
P 


This explains why elements of K* were called (finite) ideles earlier in the section. 
The map a ++ a @ | induces an inclusion 


Ke 3 F. 


The idele group K* also has a topology coming from the p-adic topology on Z,. 
See Neukirch [80, §IV.2] for a careful description. In this topology, K* becomes a 
discrete subgroup of K*. 

The Artin map ®x : Ix/K* —> Gal(K®/K) from (15.11) is trivial on the C* factor 
of Ix. Thus ®x induces a map K* — Gal(K”/K), also called the Artin map, and 
then class field theory for the imaginary quadratic field K is encapsulated in the exact 
sequence 


(15.33) 1+ K* — R* — Gal(K”/K) > 1 


(see Exercises 15.13—15.15). Theorem 7.1 of [80, §IV.7] implies that a closed sub- 
group J C K* of finite index containing K* corresponds via the Artin map to a finite 
Abelian Galois extension K C L contained in K” such that 


K* /J ~ Gal(L/K), 


and all finite Abelian extensions of K arise in this way. 
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For example, if we set Or = Ox @z Z as earlier in the section, then the subgroup 
K* Ox C K* has the finite quotient 


(15.34) R*/K* Ox =~ C(Ox), 


and the corresponding finite extension is the Hilbert class field of K. The isomor- 
phism is one we’ve already seen: the ideal class of a C Ox corresponds to the idele 
class of x when a@zZ = xOx. The existence of x is guaranteed by Lemma 15.23. A 
proof of the isomorphism (15.34) is given in Neukirch [80, Proposition 2.3 of §ITV.2]. 
See also Exercise 15.16. a 

We can finally bring orders into the picture. Given an order O of K, we get O = 
O @z Zas earlier in the section. Generalizing the previous paragraph, the subgroup 
K*O* C R* has the finite quotient 


(15.35) K*/K*O* ~ C(O), 


and the corresponding extension of K is the ring class field Lo of O. Similar to 
(15.34), the isomorphism (15.35) is based on Lemma 15.23 (see Exercise 15.18). It 
follows easily that we get a commutative diagram 


| —> O* —_> 0* —> Gal(K”/Lo) ——> 1 
(15.36) | | | 
| ——> K* ——> K* ——» Gal(K”/K) ——>1 


with exact rows (see Exercise 15.18). 
The extended ring class fields Lo,» also have an idelic description. Recall that 


O* =]],,O% for O, = O@z Zp. If m=], p”, then set 


evn a Ic + p"’"O,) x Ilo; ={xe O* :x=1mod mO} Cc OF 


pilm ptm 
with quotient 
(15.37) O*/Jom~ | ](Op/p™ Op)* ~ (O/mO)* 
p|m 


(see Exercise 15.18). It follows that the field associated to Jojm = K “Jom is the 
extended ring class field Lo . This is the description of Lom given by Cho in [A6]. 

With this framework, we can now fill in some of the details and proofs that were 
omitted earlier in the section. Let’s begin with the two theorems that describe how 
Shimura reciprocity works for extended ring class fields. 


Proof of Theorems 15.16 and 15.17. Suppose that f € F,, is defined at m € KNh, 
and assume that [1, 79] is a proper ideal for the order O. For Theorem 15.16, we need 
to show that f(70) € Lo,m. In the Artin map 


K* —+ Gal(K”/K), 
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we know that Jom = K*JO,, Maps onto Gal(K® /Lom), and since K* acts trivially 
on K”, J6, , maps onto this Galois group. 
Hence it suffices to show that o(f(7)) = f(7>) when o comes from x € Ji»: 


By the idelic version of Shimura reciprocity (Theorem 15.12), this is equivalent to 
showing that 


F870 (19) = f (10) 
for all x € IS wa Using the description of g,,(x) given in the discussion leading up to 
Lemma 15.27, it is easy to see that g,,(x) € GL(2, Z) since x € O*. Then x € Tos 
implies that x = 1 mod mO, which makes it easy to see that g,,(x) = 1 mod m 
(see Exercise 15.19). Since f € F,, is invariant under such matrices, we obtain 
£870) (r) = f(r), and the desired equality follows. 
Turning to Theorem 15.17, recall from Lemma 15.13 that u € (O/mO)* gives 
oy € Gal(Lo,m/Lo). Given f and 7) as above, we need to show that 


ou F(t) = fe (79), 


where g,, (u~') € GL(2,Z/mZ) is described in the discussion before Theorem 15.17. 

To prove this, we first need an idelic description of the map u++ o,. By the 
diagram (15.36), we have a surjection O* + Gal(K%/Lo) which, as noted above, 
maps J , onto Gal(K® /Lo,m). It follows that we have a surjection 


(15.38) O* /Tb m —> Gal(Lom/Lo). 


Combining this with (15.37) gives a surjection (O/mO)* > Gal(Lo m/Lo). We will 
see in Exercise 15.20 that this is the map u+> a, in Lemma 15.13. 

From here, the proof is straightforward. By (15.37), our given u € (O/mO)* 
comes from some x € ©*. If x maps to o € Gal(K® /Lo) via the Artin map, then 


Oy = Lom 


by the previous paragraph. As above, x € ©* implies that B(x) € GL(2,Z). In 
Exercise 15.21 we will show that the matrix g,,(x) € GL(2,Z) reduces modulo m to 
8, (4) € GL(2,Z/mZ). Then 
= = =I 
o(F(70)) = fe) (70) = feo )(r0), 


where the first equality uses Shimura reciprocity (Theorem 15.12) and the second 
follows from f € F,,. This completes the proof of Theorem 15.17. Q.E.D. 


Our final task is to finish the proof of Theorem 15.22 begun earlier. 


Completion of the proof of Theorem 15.22. We need to justify the “key points” (1), 
(ii) and (ii) made on page 322 in the proof of Theorem 15.22. This is now easy: 


(i) The isomorphism Ifr ~ ~ K* constructed above means that we now understand 
exactly how the idelic Artin map gives a map K* > Gal(K®/K). 
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(ii) The isomorphism C(O) ~ E*/K*O" is (15.35). 


(iii) Finally, suppose that y € K* corresponds to a class [yO] € C(O) under (15.35), 
and take 6 € [yO]. Then y gives o € Gal(K*’/K). Since K*O* maps to 
Gal(K”’/Lo), the restriction o| Lo i8 determined by the image of the idele 
y in K*/K*O* ~ C(O) ~ Gal(Lo/K). This is the automorphism denoted op 
in the text, so that o| le = % follows immediately. 


We have now filled in the details omitted in the proof of Theorem 15.22. Q.E.D. 


The treatment of Shimura reciprocity given in this section focused on what was 
needed for §12 and does not give the full story of this remarkable result. The reader 
should consult references [A6, A8, A10, All, A13, A19, A23] already mentioned, 
together with some of the Further Readings for Chapter Four listed in the Additional 
References section at the end of the book to get a better idea of how Shimura reci- 
procity is used in practice. Applications are also given in the books by Lang [73] 
and Shimura [90]. In spite of our many omissions, we nevertheless hope to have 
convinced you that Shimura reciprocity is both powerful and suprisingly easy to use. 


F. Exercises 


15.1. Prove that F,,, is a field and show that Q(j) is the field F, defined in the text. 
Hint: Use Theorem 11.9 and Exercise 11.12. 


15.2. Here are some details from the proof of Proposition 15.2. 


(a) The Dedekind 7-function 7(7) has the following transformation law. 
Suppose that 7 = (25) € SL(2,Z) with c > 0 and d > 0 if c =0. Then 
Schertz [A19, Proposition 2] states that 


my7) = €(y) Ver +dn(7), 
where the square root is chosen so that Re(\/c7 +d) > 0, and 


a ba+c(d(1—a?)—a)+3(a—1)e,; +A2(a@-1 
y= (5) bated I—a)—2)43(0-1yort (EI) 


Here, (a/c) is the Legendre symbol, and c; and are determined by 


c>0:c=2c, c, odd 
c=0:¢, =A=1. 


The paper [A13] by Hajir and Rodriguez-Villegas explores a more con- 
 ceptual way of thinking about (7). 
Use the transformation law for 7(7) to prove (15.3) for f;(7)* when 
+ €T9(2)'. Hint: f1(7) = n(7/2)/n(7). Also, if y € SL(2,Z), then the 
transformation law for 7 applies to either 7 or —7+. 
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(b) Use part (a) to show that f, (7)? is invariant under T'(24). 
(c) Show that f,(7)? € F24. Hint: analyze the g-expansions using the method 
of Proposition 12.25. 


(d) Prove that f,(7)® € Fg. Note that part (b) of Exercise 12.23 asked you to 
prove that f,(7)° is invariant under I'(8) using (12.26). 


15.3. We will study the action of GL(2,Q)* on F. 


15.4. 


15.5. 


15.6. 


15.7. 


15.8. 


(a) Assume that 7 € GL(2,Q)* has integer entries and set N = det(y). Prove 
that yI'(mN)y—! C T'(m). Hint: Write an element of [(mN) as 1+ mN6, 
where 6 has integer entries. 

(b) Use part (a) to prove that f7 is invariant under '(mN) when f € Fyn. 

(c) Prove that f7 € Fn when f € Fy. 


Prove that the image of (15.10) consists of all 7 = (yp) € [], GL(2,Q,) such 
that yp, € |], GL(2,Z,) for all but finitely many p. 


This exercise is concerned with the proof of Lemma 15.13. 


(a) Show that that the map Ix(fm) — C(Q) defined by a+ [aN O] is onto. 
Hint: Use Corollary 7.17 to show that any class in C(O) can be written 
[6] for some O-ideal b with norm relatively prime to fm. Then let a = 
6Ox and use Proposition 7.20. 

(b) Take a = a+bfwx € O relatively prime to m. Let d = gcd(a,m) and 
write a = aod, m = mod with gcd(ao,mo) = 1. By Exercise 15.6, there is 
an integer @ such that ag + moé is relatively prime to f. Show that a+ mé 
is relatively prime to f and hence relatively prime to fm. 


(c 


_— 


Prove that Ix (fm) M Px,z(f) is generated by principal ideals a@Ox where 
a € Ox satisfies a = a mod fOx for a € Z relatively prime to fm. 
Hint: the intersection consists of fractional ideals of the form ab~! = 
aOx(BOx)~| where a,b C Ox are relatively prime to fm and aOx, BOK 
C Ox are generators of Px.z(f). Note also that ab~! = ab(N(b)Ox)7!. 


Let ao, mo be relatively prime integers and let M be any positive integer. Prove 
that there is an integer 2 such that gcd(ag + mo£,M) = 1. Hint: let pi,..., ps 
be the distinct primes dividing M but not mo. Use the Chinese Remainder 
Theorem to find x € Z with x = ag mod mg and x = 1 mod p;--- ps. 


Complete the proof of Theorem 15.15. Hint: can you explain why a prime 
ideal p € [x(fm) splits completely in Lo m if and only if p € Px,zm(fm)? 


Let m € Z be positive such that m = 6 mod 8. Set O = Z[,/—m] = [1, /—m]. 


(a) Show that O* = {+1}. 


(b) Show that |(O/80)*| = 32. Hint: set a = \/—m and use m = 6 mod 8 to 
show a? = 2 mod 80. Then prove that a+ ba € O gives an element of 
(O/80)* if and only if a is odd. 
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15.9. 


15.10. 


15.11. 


15.12. 


15.13. 


15.14. 
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(c) Show that (O/80)* ~ Z/2Z x Z/2Z x Z/8Z, with generators given by 
the classes of —1,3,l+a. 


Prove that Lo = K(f(,/—m)*) when m = 3 mod 8. Hint: first use the methods 
of Theorem 15.18 to show that f(,/—m)°) € Lo. Then explain why this gives 
the desired result. Use Corollary 12.19 to relate f(7) to f(r). 


Here we will complete the proof of Lemma 15.23. 
(a) Prove that a(7; — 1)O = [a(7, — 1), a(at+b+c)]. 


(b) Prove that x is unique up to multiplication by an element of O*. Hint: 
use (15.24) to show that x,X, is a non-zero divisor in O, for every p. 


In the proof of Theorem 15.22, show that a7, = 7) + £ for some integer 2@. 
Hint: use [1,a7)] = [1,79] and remember that a7),70 € b. 


Consider the map K* > II p(K ®z Zp)* constructed in the text. 


(a) Prove that the map is injective. 


(b) Prove that the image of the map is IT (K ®zZ,)*. Hint: first show that if 
a € Ox is nonzero, then a® 1 € (Ox ®zZ,)* for all but finitely many p. 
Then take x = (xp) € [[,(K @z Z,)* with S= {p: x, ¢ (Ox ®zZp)*} 
finite. For p € S pick np € Z with p”»x € (Ox ®z Z,)* and consider 
*TTpes p”. Remember that Ox @zZ= I Ox ®z,Z, since Ox is a free 
Z-module of finite rank. 


Exercises 15.13-15.15 will show that the exact sequence (15.33) follows from 
the presentation of class field theory in Neukirch [80]. We begin by studying 
the image of the Artin map Cx — Gal(K”/K). Theorem 6.5 of [80, §IV.6] 
implies that the Artin map Cx = Ix/K* — Gal(L/K) is surjective for every 
finite extension L of K contained in K®’. Use this to prove that the Artin 
map Cx — Gal(K”/K) has dense image relative to the profinite topology on 
Gal(K* /K) (see [80, §§1.1 and I.2]). 


Here we address the surjectivity of the Artin map. 


(a) Prove that the Artin map Cx — Gal(K®/K) is continuous. Hint: by def- 
inition, the closed subgroups of finite index of Gal(K®’/K) are given by 
Gal(K®/L) for finite extensions L of K contained in K*’. Theorem 6.5 
of Neukirch [80, §IV.6] shows that the inverse image of Gal(K”/L) is a 
closed subgroup of Cx of finite index. 


(b) Prove that any homomorphism R¥+ to a finite group is trivial, and con- 
clude that the same is true for a homomorphism R, to a profinite group. 


(c) By Proposition 2.6 and Theorem 2.8 of [80, §IV.2], we can write Cx = 


C?. x Ry, where Ce is compact. Combine this with parts (a) and (b) and 
the previous exercise to show that Cx + Gal(K*/K) is surjective. 


15.15. 


15.16. 


15.17. 
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Assume that K is imaginary quadratic. For each prime p C Ox, let Ox, be the 
completion of Ox at p, and for n > 0, define 


= {ue Ox, :u= 1 mod p"Ox, }. 


Let m= Il, p”> be a modulus in the terminology of §8. This means ny > 0 
for all p, with only finitely many being positive. By our assumption on K, the 
definition of If given in Neukirch [80, §IV.7] reduces to 


Tree x Iu ss 
p 

(a) Prove that (),, 1g = C* x {1} in Ik. 

(b) Conclude that (),, (K*Ig /K*) = K*(C* x {1})/K*. Hint: first show that 
K*A]],O5 =O*. 

(c) Theorems 7.1 and 7.3 of [80, §IV.7] imply that every closed subgroup 
of finite index of Cx = Ix/K* contains K*If?'}/K* for some modulus m. 
Show that the kernel of Cx — Gal(K®"/K) is given by K*(C* x {1})/K*. 

(d) Prove that (15.33) is exact. Hint: remember that K*~ re: 


The idelic version of the Existence Theorem (Theorem 7.1 of [80, §IV.7]) 
implies that the subgroup K*If'}/K* C Cx gives an Abelian extension Km of 
K, called the ray class field of the modulus m. The theorems cited in part 
(c) then imply that any finite Abelian extension of K lies in some ray class 
field. In Exercise 15.17 we will show that this definition of Kn nEreeS with 
the definition of ray class field given in §8. 


This problem concerns the isomorphism (15.34). The key tool is the follow- 
ing construction that associates a fractional ideal xOx to an idele x € If". 
Given x = (xp), note that xp € p») Ox, for a unique ny(x) € Z. Note that 
only finitely many n,(x) are nonzero. Then define xOx = [],, p””“). Prove 
that x +> [xOx] € C(Ox) induces the isomorphism (15.34). 


Assume that K is imaginary quadratic. Given a modulus m, recall from §8 
that the subgroup Px ;(m) C Ix(m) gives the ray class field of m according to 
the version of class field theory described in §8. To relate this to the adelic 
approach, we will adapt the notation of Exercise 15.15 and define cir 
to be If without the C* factor. For x € If, we define 


x=1modm 
to mean x» € 1+mOx, for all primes p | m. 


(a) Prove that If" = {x € I], Ox, :x =1 mod m}. 


(b) Given an idele x = (xp) € If", the Approximation Theorem (Theorem 
1.1 of Janusz [62, Chapter IV]) implies that there is 6G € K* such that 
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(2x = 1 mod m for all p | m. Show that BxOx € Ix(m) and that the map 
x [BxOx] € Ix(m)/Px,1(m) is well-defined and induces a isomorphism 


Tf" /K*1™" ~ Ix(m)/Px,1(m). 


Via this isomorphism, a subgroup Pxi(m) C H C Ix(m) corresponds to a 
subgroup K i bs MCHC If". Then H (via the classical version of class field 
theory from §8) and H (via the adelic version of class field theory) give the 
same Abelian extension L of K with Galois group 


Gal(L/K) ~ 18" /H ~ Ix(m)/H. 
See Neukirch [80, §IV.8] for more details. 


Let K be an imaginary quadratic field. A positive integer m gives the modulus 
m = mOx. We will follow the convention of §8 and write Ix(m) instead of 
Ix(m). Similarly, the group If" from Exercise 15.17 will be written 1%”. 


(a) Show that the isomorphism ifn ~ ~RK*=K Sz Z discussed in the text 


xyfin, 
takes K*1”" to Jn = k* T1ptm Oke X TIpjm(1 +mOx,p), where Ox,p = 
Ox ®z Z,. By Exercise 15.17, we get isomorphisms 


R* Im ~ VES /K*™ ~ Ie(m)/ Pra (m). 


(b) Let © be an order in K of index f. Show that Jy C K*O* = K*J],, OF 
and that the isomorphism takes of part (a) induces an isomorphism 
K*O° /Jp = Px.2(f)/Px(f)- 


Conclude that (15. 35) h holds and that the ring class field Lo is the field 
assocated to K*O* C K*. Then use this to explain the diagram (15.36). 


Let Jom=K “Jom be defined as in the text. Show that Jfm C Jom and 
that the isomorphism of part (a) induces an isomorphism 


Jom|I§m = Px,z,m(fm)/Px,i1(fm). 


(c 


ae 


Conclude that the extended ring class field Le » is the field assocated to 
Jojm CK*. 

Prove (15.37). Hint: a standard fact about the p-adic integers Z, is that 
the inclusion Z C Z, induces an isomorphism Z/p‘Z ~ Z,/p*Z, for 
every k > 0. 


(d 


wS 


Complete the proof of Theorem 15.16. 


The maps (15.37) and (15.38) give a map (O/mO)* > Gal(Lom/Lo). Prove 
that this equals the map appearing in Lemma 15.13. Hint: use Exercises 15.17 
and 15.18. 
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15.21. In the proof of Theorem 15.17, we claimed that the matrix g,,(x) € GL(2, Z) 
reduces modulo m to %,,(u) € GL(2,Z/mZ). Prove this. 
15.22. Prove that ¢,, € Lom. Hint: ¢,, j(7) € Fn. 
15.23. Let w = ¢, and set K = Q(w) and O = Ox = Z[w]. 
(a) Use Lemma 15.13 to show that [Lo,5 : K] = 4. 
(b) Use part (a) and the previous exercise to show that 


Lo,s = K(¢5) = Q(w, ¢s) = Qs). 


(c) Theorem 15.16 implies that r(w) € Lo,s, where r(7) € Fs is the contin- 
ued fraction function from the example following Theorem 15.16. In his 
so-called “lost” notebook, Ramanujan states that 


V30+6/5 —3- V5 
Cow) = 7 


(see Duke [A9, (2.4)]). Prove directly, without using Theorem 15.16, 
that this lies in Q(w,¢,). Hint: Cy = —@3, ¢5 = =4¥4 + i /sty5 , and 
30+ 63 = 2/3. iy/ 4. 
15.24, Let K = Q(i) and O = Ziil. 
(a) Adapt the method of Exercise 15.23 to show that 


Lo,s = K(¢5) = Qli,¢5) = Q(Ca9)- 


(b) In the example following Therorem 15.16, we analyzed when p = x” + y” 
with x = 1 mod 5 and y=0 mod 5. The answer involved the quartic 
x* + 2x3 — 6x? + 1. Use part (a) to show that this polynomial can be 
replaced with x4 42° +x7+x+1. 


REFERENCES 


1. T. M. Apostol, Modular Functions and Dirichlet Series in Number Theory, 
Springer-Verlag, Berlin, Heidelberg, and New York, 1976. 


2. E. Artin, Galois Theory, University of Notre Dame, Notre Dame, Indiana, 1959. 


3. A. Baker, Linear forms in the logarithms of algebraic numbers I, Mathematika 
13 (1966), pp. 204-216. 


4. W. E. H. Berwick, Modular invariants expressible in terms of quadratic and 
cubic irrationalities, Proc. Lon. Math. Soc. 28 (1927), pp. 53-69. 


5. K. R. Biermann, E. Schuhmann, H. Wussing and O. Neumann, Mathematis- 
ches Tagebuch 1796-1814 von Carl Friedrich Gauss, 3rd edition, Ostwalds 
Kilassiker 256, Leipzig, 1981. 


6. B. J. Birch, Diophantine analysis and modular functions, in Algebraic Geom- 
etry, Papers Presented at the Bombay Colloquium, 1968, Oxford University 
Press, London, 1969, pp. 35-42. 


7. B.J. Birch, Weber’s class invariants, Mathematika 16 (1969), pp. 283-294. 


8. Z. I. Borevich and I. R. Shafarevich, Number Theory, Academic Press, New 
York, 1966. 


335 


Primes of the Form x2 + ny’, Second Edition. By David A. Cox 
Copyright © 2013 John Wiley & Sons, Inc. 


336 


11. 


12. 


13. 


14. 


15. 


16. 


18. 


19. 


20. 


21. 


22. 


23. 


24. 


REFERENCES 


J. M. Borwein and P. B. Borwein, Pi and the AGM, Wiley, New York, 1987. 


. W. E. Briggs, An elementary proof of a theorem about the representations of 


primes by quadratic forms, Canadian J. Math. 6 (1954), pp. 353-363. 


G. Bruckner, Charakterisierung der galoisschen Zahlkérper, deren zerlegte 
Primzahlen durch bindre quadratische Formen gegeben sind, Math. Nachr. 32 
(1966), pp. 317-326. 


D. A. Buell, Class Groups of Quadratic Fields I, II, Math. Comp. 30 (1976), 
pp. 610-623 and 48 (1987), pp. 85-93. 


W. K. Buhler, Gauss: A Biographical Study, Springer-Verlag, Berlin, Heidel- 
berg, and New York, 1981. 


J. J. Burkhardt, Euler’s work on number theory: a concordance for A. Weil’s 
Number Theory, Historia Math. 13 (1986), pp. 28-35. 


P. Cassou-Nogués and M. J. Taylor, Elliptic Functions and Rings of Integers, 
Progress in Math. 66, Birkhauser, Boston, Basel, and Stuttgart, 1987. 


K. Chandrasekharan, Elliptic Functions, Springer-Verlag, Berlin, Heidelberg, 
and New York, 1985. 


. S. Chowla, An extension of Heilbronn’s class number theorem, Quarterly J. 


Math. 5 (1934), pp. 304-307. 


P. Cohen, On the coefficients of the transformation polynomials for the elliptic 
modular function, Math. Proc. Camb. Phil. Soc. 95 (1984), pp. 389-402. 


H. Cohn, A Classical Invitation to Algebraic Numbers and Class Fields, 
Springer-Verlag, Berlin, Heidelberg, and New York, 1978. 


H. Cohn, A Second Course in Number Theory, Wiley, New York, 1962. 
(Reprinted as Advanced Number Theory, Dover, New York, 1980.) 


H. Cohn, Introduction to the Construction of Class Fields, Cambridge Univer- 
sity Press, Cambridge, 1985. 


M. J. Collinson, The origins of the cubic and biquadratic reciprocity laws, 
Arch. Hist. Exact Sci. 17 (1977), pp. 63-69. 


D. Cox, The arithmetic-geomtetric mean of Gauss, L Ens. Math. 30 (1984), pp. 
275-330. 


M. Deuring, Die Klassenkdrper der Komplexen Multiplikation, in Enzyklopddie 
der Mathematischen Wissenschaften, Band I 2, Heft 10, Teil 1M, Teubner, 
Stuttgart, 1958. 


25. 


26. 


27. 


28. 
29. 


30. 


31. 


32. 


33. 


34. 


35. 
36. 
37. 


38. 


39. 


40. 


41. 


REFERENCES 337 


M. Deuring, Teilbarkeitseigenschaften der singuldren Moduln der elliptischen 
Funktionen und die Diskriminante der Klassengleichung, Commentarii Math. 
Helv. 19 (1946), pp. 74-82. 


L. E. Dickson, History of the Theory of Numbers, Carnegie Institute, Washing- 
ton D.C., 1919-1923. (Reprint by Chelsea, New York, 1971.) 


P. G. L. Dirichlet, Werke, Berlin, 1889-1897. (Reprint by Chelsea, New York, 
1969.) 


P. G. L. Dirichlet, Zahlentheorie, 4th edition, Vieweg, Braunschweig, 1894. 


D. Dorman, Singular moduli, modular polynomials, and the index of the closure 
of Z| j(7)] in Q(j(7)), Math. Annalen 283 (1989), pp. 177-191. 


D. Dorman, Special values of the elliptic modular function and factorization 
formulae, J. Reine Angew. Math. 383 (1988), pp. 207-220. 


H. Edwards, Fermat’s Last Theorem, Sparse Berlin, Heidelberg, and 
New York, 1977. 


W. Ellison and F. Ellison, Théorie des nombres, in Abrégé d’Histoire des 
Mathématiques 1700-1900, Vol. I, ed. by J. Dieudonné, Hermann, Paris, 1978, 
pp. 165-334. 


L. Euler, Opera Omnia, Series prima, Vols. I-V, Teubner, Leipzig and Berlin, 
1911-1944. 


P. Eymard and J. P. Lafon, Le journal mathématique de Gauss, Revue d’ Histoire 
des Sciences 9 (1956), pp. 21-51. 


P. de Fermat, Oeuvres, Gauthier- Villars, Paris, 1891—1896. 
D. Flath, Introduction to Number Theory, Wiley, New York, 1988. 


W. Franz, Die Teilwert der Weberschen Tau-Funktion, J. Reine Angew. Math. 
173 (1935), pp. 60-64. 


G. Frei, Leonhard Euler’s convenient numbers, Math. Intelligencer 3 (1985), 
pp. 55-58 and 64. 


G. Frei, On the development of the genus of quadratic forms, Ann. Sc. Math. 
Québec 3 (1979), pp. 5-62. 


P.-H. Fuss, Correspondance Mathématique et Physique, St. Petersburg, 1843. 
(Reprint by Johnson Reprint Corporation, New York and London, 1968.) 


C. F. Gauss, Disquisitiones Arithmeticae, Leipzig, 1801. Republished in 1863 
as Volume I of Werke (see [42]). French translation, Recherches Arithmétiques, 
Paris, 1807. (Reprint by Hermann, Paris, 1910.) German translation, Un- 
tersuchungen iiber Hoéhere Arithmetik, Berlin, 1889. (Reprint by Chelsea, 


338 


42. 
43. 


45. 


46. 


47. 


48. 


49. 


50. 


51. 


52. 


53. 


34. 


55. 


56. 


REFERENCES 


New York, 1965.) English Translation, Yale, New Haven, 1966. (Reprint by 
Springer-Verlag, Berlin, Heidelberg, and New York, 1986,) 


C. F. Gauss, Werke, Gottingen and Leipzig, 1863-1927. 


S. Goldwasser and J. Kilian, Almost all primes can be quickly quickly certified, 
Proc. 18th Annual ACM Symp. on Theory of Computing (STOC, Berkeley), 
ACM Press, 1986, pp. 316-329. 


. J. J. Gray, A commentary on Gauss’s mathematical diary, 1796-1814, with an 


English translation, Expo. Math. 2 (1984), pp. 97-130. (Gauss’ diary has also 
been translated into French [34] and German [5].) 


B. Gross, Arithmetic on Elliptic Curves with Complex Multiplication, Lecture 
Notes in Math. 776, Springer-Verlag, Berlin, Heidelberg, and New York, 1980. 


B. Gross and D. Zagier, On singular moduli, J. Reine Angew. Math. 355 (1985), 
pp. 191-220. 


E. Grosswald, Representations of Integers as Sums of SauOTES Springer-Verlag, 
Berlin, Heidelberg, and New York, 1985. 


G. H. Hardy and E. M. Wright, An Introduction to the Theory of Numbers, 5th 
edition, Clarendon Press, Oxford, 1979. 


H. Hasse, Bericht tiber neuere Untersuchungen und Probleme aus der Theorie 
def algebraischen Zahlkorper, I, la and II, Jahresber. Deutch. Math. Verein 35 
(1926), pp. 1-55, 36 (1927), pp. 233-311, and Erg. Bd. 6 (1930), pp. 1-201. 
(Reprint by Physica-Verlag, Wiirzburg Vienna, 1965.) 


H. Hasse, Number Theory, Springer-Verlag, Berlin, Heidelberg, and New York, 
1980. 


H. Hasse, Zur Geschlechtertheorie in quadratischen Zahlk6rpern, J. Math. Soc. 
Japan 3 (1951), pp. 45-51. 


K. Heegner, Diophantische Analysis und Modulfunktionen, Math. Zeit. 56 
(1952), pp. 227-253. 


O. Hermann, Uber die Berechnung der Fourierkoeffizienten der Funktion j(r), 
J. Reine Angew. Math. 274/275 (1974), pp. 187-195. 


IN. Herstein, Topics in Algebra, 2nd edition, Wiley, New York, 1975. 


C. S. Herz, Computation of singular j-invariants, in Seminar on Complex Mul- 
tiplication, Lecture Notes in Math. 21, Springer-Verlag, Berlin, Heidelberg, and 
New York, 1966, pp. VIII-1 to VIII-11. 


C. S. Herz, Construction of class fields, in Seminar on Complex Multiplication, 
Lecture Notes in Math. 21, Springer-Verlag, Berlin, Heidelberg, and New York, 
1966, pp. VII-1 to VH-21. 


57. 


58. 


59, 


60. 


61. 


62. 


63. 


64. 


65. 


66. 


67. 


68. 


69. 
70. 


71. 
72. 


73. 


REFERENCES 339 
L.-K. Hua, Introduction to Number Theory, Springer-Verlag, Berlin, Heidel- 
berg, and New York, 1982. 


D. Husemiéller, Elliptic Curves, Springer-Verlag, Berlin, Heidelberg, and New 
York, 1987. 


K. Ireland and M. Rosen, A Classical Introduction to Modern Number Theory, 
Springer-Verlag, Berlin, Heidelberg, and New York, 1982. 


M. Ishida, The Genus Fields of Algebraic Number Fields, Lecture Notes in 
Math. 555, Springer-Verlag, Berlin, Heidelberg, and New York, 1976. 


C. G. J. Jacobi, Gesammelte Werke, Vol. 6, Berlin, 1891. (Reprint by Chelsea, 
New York, 1969.) 


G. Janusz, Algebraic Number Fields, Academic Press, New York, 1973. (2nd 
edition by AMS, Providence, Rhode Island, 1996.) 


B. W. Jones, The Arithmetic Theory of Quadratic Forms, Carus Monographs 
10, MAA, Washington D. C., 1950. 


E. Kaltofen, T. Valente and N. Yui, An improved Las Vegas primality test, 
Proc. International Symposium on Symbolic and Algebraic Computation (IS- 
SAC ’89, Portland), ACM Press, 1989, pp. 26-33. 


E. Kaltofen and N. Yui, Explicit construction of the Hilbert class fields of imagi- 
nary quadratic fields by integer lattice reduction, in Number Theory (New York, 
1989/1990), Springer-Verlag, New York, 1991, pp. 149-202. 


E. Kaltofen and N. Yui, On the modular equation of order 11, in Third MAC- 
SYMA User’s Conference, Proceedings, General Electric, 1984, pp. 472-485. 


N. Koblitz, Introduction to Elliptic Curves and Modular Forms, Springer- 
Verlag, Berlin, Heidelberg, and New York, 1984. 


L. Kronecker, Werke, Leipzig, 1895-1931. (Reprint by Chelsea, New York, 
1968.) 


J. L. Lagrange, Oeuvres, Vol. 3, Gauthier- Villars, Paris, 1869. 


E. Landau, Uber die Klassenzahl der bindren quadratischen Formen von nega- 
tiver Discriminante, Math. Annalen 56 (1903), pp. 671-676. 


E. Landau, Vorlesungen tiber Zahlentheorie, Hirzel, Leipzig, 1927. 


S. Lang, Algebraic Number Theory, Springer-Verlag, Berlin, Heidelberg, and 
New York, 1986. 


S. Lang, Elliptic Functions, 2nd edition, Springer-Verlag, Berlin, Heidelberg, 
and New York, 1987. 


340 


74. 


75. 


76. 


77. 


78. 


79. 


80. 


81. 


82. 


83. 


84. 


85. 


86. 


87. 


88. 


89. 


REFERENCES 


A. M. Legendre, Essai sur la Théorie des Nombres, Paris, 1798. Third edition 
retitled Théorie des Nombres, Paris, 1830. (Reprint by Blanchard, Paris, 1955.) 


A. M. Legendre, Recherches d’analyse indéterminée, in Histoire de l'Académie 
Royale des Sciences, 1785, Paris, 1788, pp. 465-559. 


H. W. Lenstra, Jr., Factoring integers with elliptic curves, Annals of Math. 126 
(1987), pp. 649-673. 


D. Marcus, Number Fields, Springer-Verlag, Berlin, Heidelberg, and New York, 
1977. 


G. B. Mathews, Theory of Numbers, Deighton Bell, Cambridge, 1892. (Reprint 
by Chelsea, New York, 1961.) 


F. Morain, Implementation of the Goldwasser-Kilian-Atkin primality testing al- 
gorithm, Rapport de Recherche 911, INRIA-Rocquencourt, Octobre 1988. 


J. Neukirch, Class Field Theory, Springer-Verlag, Berlin, Heidelberg, and New 
York, 1986. 


J. Oesterlé, Nombres des classes des corps quadratiques imaginaires, Aster- 
isque 121-122 (1985), pp. 309-323. 


T. Ono, Arithmetic of Algebraic Groups and its Applications, St. Paul’s Inter- 
national Exchange Series, Occasional Papers VI, St. Paul’s University, 1986. 


H. Orde, On Dirichlet’s class number formula, J. London Math. Soc. 18 (1978), 
pp. 409-420. 


G. J. Rieger, Die Zahlentheorie bei C. F- Gauss, in C. F. Gauss, Gedenkband 
Anldsslich des 100. Todestages, am 23. Februar 1955, Teubner, Leipzig, 1957, 
pp. 38-77. 


P. Roquette, On class field towers, in Algebraic Number Theory, ed. by J. W. S. 
Cassels and A. Frohlich, Academic Press, New York, 1967, pp. 231-249. 


W. Scharlau and H. Opolka, From Fermat to Minkowski, Springer-Verlag, 
Berlin, Heidelberg, and New York, 1985. 


R. Schertz, Die singuldren Werte der Weberschen Funktionen f, f1, f2, Y2, Y3, 
J. Reine Angew. Math. 286/287 (1976), pp. 46-74. 


J.-P. Serre, A Course in Arithmetic, Springer-Verlag, Berlin, Heidelberg, and 
New York, 1973. 


D. Shanks, Class number, a theory of factorization, and genera, in 1969 Num- 
ber Theory Institute, Proc. Symp. Pure Math. 20, AMS, Providence, Rhode 
Island, 1971, pp. 415-440. 


90. 


91. 


92. 


93. 


94. 


95. 


96. 


97. 


98. 


99. 


100. 


101. 


102. 


103. 


104. 


105. 


REFERENCES 341 


G. Shimura, Arithmetic Theory of Automorphic Functions, Princeton University 
Press, Princeton, New Jersey, 1971. 


C. L. Siegel, Equivalence of Quadratic Forms, Am. J. Math. 63 (1941), pp. 
658-680. 


C. L. Siegel, Uber die Classenzahl quadratischer Zahlkérper, Acta Arithmetica 
1 (1935), pp. 83-86. 


J. H. Silverman, The Arithmetic of Elliptic Curves, Springer-Verlag, Berlin, 
Heidelberg, and New York, 1986. 


H. J. S. Smith, Note on the modular equation for the transformation of the third 
order, Proc. London Math. Soc. 10 (1878), pp. 87-91. 


H. J. S. Smith, Report on the Theory of Numbers, Reports of the British Asso- 
ciation, 1859-1865. (Reprint by Chelsea, New York, 1965.) 


H. M. Stark, A complete determination of the complex quadratic fields of class 
number one, Michigan Math. J. 14 (1967), pp. 1-27. 


H. M. Stark, Class numbers of complex quadratic fields, in Modular Functions 
of One Variable I, Lecture Notes in Math. 320, Springer-Verlag, Berlin, Heidel- 
berg, and New York, 1973, pp. 153-174. 


H. M. Stark, On the “gap” in a theorem of Heegner, J. Number Theory 1 
(1969), pp. 16-27. 


S. Wagon, The evidence: primality testing, Math. Intelligencer 8 (1986), pp. 
58-61. 


J. Wallis, Opera Mathematica, Oxford, 1695-1699. (Reprint by G. Olms, Hin- 
desheim, New York, 1972.) 


H. Weber, Beweis des Satzes, daB jede eigentlich primitive quadratische Form 
unendliche viele Primzahlen darzustellen fahig ist, Math. Annalen 20 (1882), 
pp. 301-329. 


H. Weber, Lehrbuch der Algebra, Vol. TH, 2nd edition, Vieweg, Braunschwieg, 
1908. (Reprint by Chelsea, New York, 1961.) 


H. Weber, Zur Komplexen Multiplikation elliptischer Funktionen, Math. An- 
nalen 33 (1889), pp. 390-410. 


A. Weil, Basic Number Theory, 3rd edition, Springer-Verlag, Berlin, Heidel- 
berg, and New York, 1974. 


A. Weil, La cyclotomie jadis et naguére, LEns. Math. 20 (1974), pp. 247- 
263. Reprinted in Essais Historiques sur la Théorie des Nombres, Monograph 
22, L’Ens. Math., Geneva, 1975, pp. 39-55, and in Vol. III of André Weil: 


342 


106. 


107. 


108. 


109. 


110. 


111. 


112. 


REFERENCES 


Collected Papers, Springer-Verlag, Berlin, Heidelberg, and New York, 1980, 
pp. 311-327. 


A. Weil, Number Theory: An Approach Through History, Birkhauser, Boston, 
Basel, and Stuttgart, 1984. 


A. Weil, Two lectures on number theory: past and present, L’Ens. Math. 20 
(1974), pp. 87-110. Reprinted in Essais Historiques sur la Théorie des Nom- 
bres, Monograph 22, L’Ens. Math., Geneva, 1975, pp. 7-30, and in Vol. III of 
André Weil: Collected Papers, Springer-Verlag, Berlin, Heidelberg, and New 
York, 1980, pp. 279-302. 


P. J. Weinberger, Exponents of the class groups of complex quadratic fields, 
Acta Arith. 22 (1973), pp. 117-124. 


E. T. Whittaker and G. N. Watson, A Course of Modern Analysis, 4th edition, 
Cambridge University Press, Cambridge, 1963. 


N. Yui, Explicit form of the modular equation, J. Reine Angew. Math. 299/300 
(1978), pp. 185-200. 


D. Zagier, Zetafunktionen und Quadratische Korper, Springer-Verlag, Berlin, 
Heidelberg, and New York, 1981. 


D. Zagier, L-Series of elliptic curves, the Birch-Swinnerton-Dyer conjecture, 
and the class number problem of Gauss, Notices of the AMS 31 (1984), pp. 
739-743. 


INDEX 


A 


Abatzoglou, A., 346 

Abel, N. H., 79, 219 

Abelian extension, see Field, extension 

adele, 5, 317~318 

Affine space, 284 

Algebraic groups, 115 

Algebraic integers, 3, 78, 88 

Apostol, T., 205, 210, 335 

Approximation Theorem, 331 

Arndt, F., 64 

Artin, E., 166, 290, 335 

Artin map, 97-98, 107, 109-112, 114, 144- 
148, 150, 152, 154-155, 163, 
164, 172, 218 

idelic, 156-157, 312, 322, 326 

Artin Reciprocity Theorem, see Class field 
theory, Artin Reciprocity Theo- 
rem 

Artin symbol, 95-97, 106, 111, 145-146, 150, 
153, 155, 171. See also Artin map 

relation to Legendre symbol, 96, 106, 

150 

Associate, 6, 68 

Atkin, A. O. L., 297, 303-304, 343 


Bachmann, P., 57 

Baker, A., 4, 135, 226, 247, 335 

Belding, J. V., 345 

Berndt, B. C., 79, 261, 343, 345 

Berwick, W. E. H., 247, 335 

Biermann, K. R., 335 

Biquadratic reciprocity, see Reciprocity, bi- 
quadratic 

Birch, B. J., 227, 240, 247, 335 

Borevich, Z, 1., 53, 88, 90, 93, 119, 129, 134, 
335 

Borwein, J. M., 196, 336 

Borwein, P. B., 196, 336 

Briggs, W. E., 172, 336 

Brillhart, J., 297, 343 

Broker, R., 345 

Bruckner, G., 172, 174, 336 

Buell, D. A., 27, 336, 345 

Biihler, W. K., 57, 336 

Burde, K., 345 

Burkhardt, J. J., 9, 336 

Bussotti, P., 9, 343 


Primes of the Form x° +ny*, Second Edition. By David A. Cox 347 


Copyright © 2013 John Wiley & Sons, Inc. 


348 INDEX 


c 


Calculus of finite differences, 11, 19 
Cassou—Nogués, P., 220, 297, 336 
Cebotarev Density Theorem, 4, 144, 152-155, 
160, 162, 171, 176 
Chan, H. H., 346 
Chandrasekharan, K., 187, 252, 336 
Character: 
assigned, 49-50, 52, 62-63, 113 
biquadratic, 75 
complete, 52 


group, 52 
Chinese Remainder Theorem, 37, 41, 50, 142, 
324, 329 
Cho, B., xi, 284, 309, 313-315, 326, 343, 
346 


Chowla, S., 56, 336, 345 
Class equation, 4, 182, 200, 218, 261-262, 
297 
algorithm for computing, 266-268, 
271-272 
constant term, 272-273, 276 
discriminant, 273, 276 
for D = —56, 261 
for D = —71, 272 
relation to the modular equation, 262- 
263, 266-267 
relation to p = x* +ny?, 262, 273-274, 
297, 302-304 
Class field theory, 2-5, 14, 67, 78-79, 87- 
88, 94, 97-98, 108, 115, 120, 
129, 132, 144-152, 156-157, 
162, 166, 174, 219, 274, 324— 
326, 330-332. See also Complex 
multiplication; Hilbert class field; 
Ray class field; Reciprocity; Ring 
class field 
Artin Reciprocity Theorem, 4, 79, 87, 
97, 108, 145~146, 148, 151-152, 
156-157, 170, 172 
Conductor Theorem, 147-148, 158 
Existence Theorem, 147-149, 157, 159, 
163, 166, 313, 331 
for unramified extensions, 97-98 
Class group, See also Class number; Order; 
Quadratic form 
form class group, 45-46, 59, 100-101, 
120, 123-125 
ideal class group, 46, 90, 100-101, 120, 
123-125, 322, 329 
generalized ideal class group, 144— 
146 


idelic representation, 322, 326, 332 
narrow (or strict) class group, 128— 
129, 139-141 
relation between forms and ideals, 100— 
101, 123-129, 139-141 
Class number, 88, 132, 135, 163 
class number one theorem, 4, 28— 
29, 135, 227, 237-239, 247-250, 
262. See also j-Invariant 
of an order, 124, 163, 193, 196 
of quadratic forms, 2, 27, 40, 45, 54 
Cohen, H., 345-346 
Cohen, P., 272, 336 
Cohn, H., ix, 5, 115, 129, 174, 218, 336 
Collinson, M. J., 78, 336 
Completion at a prime, 152, 156, 159-160, 
324, 331 
Complex multiplication, 2, 4, 77, 79, 103, 
190-196, 273-274, 283, 297, 
304. See also Elliptic curve, with 
complex multiplication 
First Main Theorem, 182, 200, 215-217 
relation to elliptic functions, 190~193 
relation to ring class fields, 200, 214— 
220 
Second Main Theorem, 219 
Composition, 3, 8, 18, 34, 43. See also Class 
group, form class group 
definition, 37, 43 
direct, 43-45, 60 
Dirichlet’s theory, 43-46, 49, 60, 125- 
126 
Gauss’ theory, 42-43, 59 
genera, 49 
Legendre’s theory, 3, 37-38, 43, 46-47, 
60 
Conductor: 
of an Abelian extension, 147-148 
of an order, 121, 145 
of a ring class field, 174, 176-179 
Conductor Theorem, see Class field theory 
Congruence subgroup, 145-148, 150-151. See 
also Class field theory 
Conrad, K., 343 
Continued fractions, 27, 93, 315-316, 333. 
See also Rogers-Ramanujan con- 
tinued fraction 
Convenient numbers, see Euler; Genus theory 
Cowles, M., 345 
Cox, D. A., 77, 221, 318, 336, 343 
Cubic reciprocity, see Reciprocity, cubic 
Cyclotomic cquation, 76. See also Field, cy- 
clotomic 


D 


Decomposition group, 91-92, 95-96, 104, 
116, 161 
Dedekind, R., 78 
Dedekind domain, 88-89, 93, 120-121 
Dedekind 7-function, 226, 232-233, 236-237, 
261, 310, 328 
Degree: 
of an isogeny, 288-289 
of a number field, 88 
Deligne, P., 291 
Descent (method of infinite descent), 8-9, 11 
Descent Step, 9-12, 19, 22, 24, 27-28. See 
also Euler, L., two-step strategy 
Deuring, M., 4, 132, 215, 218-219, 262, 265, 
272-274, 276, 292-293, 295, 
336-337 
Dickson, L. E., 53, 337 
Digby, K., 8-9, 35 
Dirichlet, P. G. L., 52, 58, 78, 172, 337. 
See also Composition, Dirichlet’s 
theory 
comment on genus theory, 56 
proof for x2 + 64y*, 75, 82 
theorem on primes in arithmetic pro- 
gressions, 36, 51, 144, 154, 160, 
173 
Dirichlet density, 152-154, 160, 170-172, 
176. See also Cebotarev Density 
Theorem 
Dirichlet ¢-function, see ¢-function, Dirichlet 
Discriminant: 
of an order, see Order, in a quadratic 
field, discriminant 
of a polynomial, 88, 99, 103, 108, 
163, 167-168, 174, 187, 273- 
274, 276, 314, 316 
of a quadratic field, see Field, quadratic, 
discriminant 
of a quadratic form, see Quadratic form, 
discriminant 
Dorman, D., 275-276, 337 
Duke, W., 316, 333, 344 


E 


Edwards, H., 9, 80, 337 
Eisenstein, F. G., 53, 78 
Elliptic curve, 4-5, 77, 182, 291, 297, 304 
in characteristic 2 and 3, 284-285 
with complex multiplication, 287, 289, 
291-292, 294 
definition: 
over a field, 284 


INDEX 349 


over a ring, 297 
endomorphism ring, 287 
group of solutions, 284, 286-287, 298 
isogeny, 288-289 
cyclic, 290 
degree, 289-290 
Frobenius, 289-290, 292, 295, 305- 
306 
over C, 288 
over a finite field, 289 
over K CC, 289 
isomorphism of, 285 
over an algebraically closed field, 
286 
over C, 286 
over a finite field, 295 
j-invariant, 285-287, 297 
over a finite field, 283, 289-291, 293- 
295 
ordinary, 291, 294-295 
supersingular, 291, 296-297, 308 
reduction of, 218, 273, 275, 291-296 
use in primality testing, 281, 297-304 
Weierstrass equation, 284-285, 297, 
304 
Elliptic function, 5, 181-182, 185, 193, 216, 
283. See also Complex multipli- 
cation; Weierstrass g-function 
definition, 182 
even elliptic function, 191, 198 
as a function in g and g’, 198-199 
Elliptic integrals, 79 
Ellison, F., 79, 337 
Ellison, W., 79, 337 
Enge, A., 345 
Equivalence: 
classes, 59 
of quadratic forms, see Quadratic form, 
equivalence 
Rt-equivalence. see Quadratic form, 
equivalence, R*+ 
SL(2,Z)-equivalence, 23 
Erdés, P., 172 
Euclidean ring, 67-68, 73, 81, 138 
Euler, L., ix, 5, 7, 9, 11, 19, 27, 30, 34-36, 
41, 58, 79, 108, 151, 249, 259, 
304, 337 
conjectures for p = x* +ny*, 2-3, 7, 
17-18, 22, 30-31, 33-35, 36-37, 
58, 67, 72, 74-76, 81, 162, 166, 
175 
convenient numbers, 43, 53, 55-56, 
115, 118, 240, 304 


350 INDEX 


correspondence with Goldbach, 9, 11, 
13 
proof of p=x*+y’, 9-10, 41 
proofs of p =x? + 2y?, x2 +3y?, 11, 14 
quadratic reciprocity, 2, 7, 1!-17, 57 
two-step strategy, 9-11, 24, 27-28. See 
also Descent Step; Reciprocity 
Step 
Euler identity, 271 
Euler $-function, 158, 223, 265 
Evans, R., 79, 343 
Existence Theorem, see Class field theory, 
Existence Theorem 
Extended ring class field, see Ring class field, 
extended 
Eymard, P., 337 


F 


Fermat, P., 8-9, 12, 27, 30, 65, 108, 304, 337 
conjecture concerning x? + 5y’, 8, 18, 
33, 37 
descent, 8-9, 11, 247 
letter to Digby, 8-9, 35 
Little Theorem, 11, 70, 72-73, 113, 149 
theorems on p = x? +-y*,x? + 2y?,2? + 
3y*, 1-2, 7-11, 20, 22, 28, 40, 
58, 76 
Field, See also Class field theory; Hilbert class 
field; Ray class field; Ring class 
field 
cyclotomic, 57, 77, 79, 146-149, 157- 
158, 160-162 
extension: 
Abelian, 79, 94-98, 144-147 
generalized dihedral, 172-173, 175- 
176, 218-219 
maximal Abelian, 312, 325-328, 330 
ramification, 90-91, 147, 166-167 
unramified, 91, 94-95 
genus, 108-109, 114-115, 118, 172, 
240, 244, 256 
number, 3, 79, 87-88, 144, 159 
degree, 88 
of modular functions, 309-310 
quadratic, 5, 92-94 
discriminant, 53, 92 
imaginary, 4, 123, 128 
real, 5, 128-129, 139-141 
residue, 89 
Flath, D., 27, 46, 48, 58, 62, 337 
Fractional ideal, 89-90, 97, 103-104, 122— 
123 
Franz, W., 220, 337 


Frei, G., 55, 115, 337 
Frobenius: 

automorphism, 95 

isogeny, see Elliptic curve, isogeny 
Fundamental domain, 203, 220-221 
Fundamental Theorem, see Reciprocity 
Fuss, P.-H., 337 


G 


Gauss, C. F., 2-3, 19, 22-23, 27-28, 32, 
39, 42-43, 45, 48-49, 54-56, 62- 
64, 66-67, 83-85, 109, 114-115, 
118, 134, 221, 292-293, 306, 
337-338. See also Composition; 
Genus theory 
biquadratic reciprocity, 19, 56, 75-76, 
78, 83 
cubic reciprocity, 3, 19, 56, 76, 78 
Disquisitiones Arithmeticae, 3, 22, 43, 
51-52, 54-55, 57-59, 76, 134 
indefinite forms, 27, 51 
mathematical diary, 57, 77-78, 291, 304 
quadratic forms, 22, 27, 51, 57-59, 77, 
101 
quadratic reciprocity, 57-58, 66 
first proof, 57-58 
second proof, 51, 58, 61-63 
third proof, 36 
sixth proof, 78 
Gaussian integers, 67, 73, 75, 81-82 
Gauss sums, 78 
Gee, A., xi, 283, 309, 313, 318-320, 324, 
344, 346 
Generalized dihedral extension, see Field, ex- 
tension; Ring class field 
Genus theory, 2-3, 8, 18, 30-34, 87. See also 
Field, genus; Hilbert class field, 
relation to genus theory 
composition of genera, 49 
definition of genus, 30 
for field discriminants, 109-114 
Gauss’ theory, 42, 48-52, 66 
genus of a coset, 32, 41, 48 
Lagrange’s theory, 18, 30-34, 52 
principal genus, 32-33, 49, 53-54, 62- 
64, 66, 108-109 
relation to convenient numbers, 53-56, 
115, 118 
relation to p =x +ny?, 33, 53-56 
Goldbach, C., 9, 11, 13 
Goldfeld, D., 135 
Goldwasser, S., 297-298, 300, 302-304, 338 


Goldwasser—Kilian—Atkin Test, see Primality 
testing 

Goldwasser-Kilian Test, see Primality testing 

Golod, E. S., 94 

Gras, G., 345 

Gray, J. J., 57, 336 

Gross, B., xii, 4, 135, 220, 262, 272, 274— 
276, 297, 308, 338, 344 

Grosswald, E., 5, 338 


H 


Hajir, F., 318, 328, 344 
Hardy, G. H., 271, 316, 338 
Hasse, H., 95, 115, 119, 152, 290-291, 299- 
301, 338 
Hasse principle for quadratic forms over Q, 
53 
Hasse q-expansion principle, 211, 213, 224 
Heegner, K., 4, 135, 226, 247-248, 250, 338 
Hermann, O., 213, 271, 338 
Herstein, I. N., 68, 73, 80, 338 
Herz, C. S., 103, 119, 247, 338 
Hilbert class field, 3-4, 18, 87-88, 94- 
98, 144, 147-149, 156, 162-163, 
174, 176, 218, 240, 256, 326 
Artin Reciprocity Theorem, 97, 108 
class field theory for, 94-95, 97-98 
of Q(V—14), 3, 18, 87, 101-102, 115, 
240, 244, 246, 322 
relation to p = x? + 14y*, 3, 18, 87, 
101-102 
relation to genus theory, 108-109, 114— 
5 
relation to p = x? +ny’, 3, 88, 98 
Hilbert symbol, 115, 151-52, 159-160 
Homothety, see Lattice, homothetic 
Hong, K. J., 346 
Hua, L.-K., 53, 339 
Hudson, R.-H., 345 
Hurwitz, A., 89 
Hurwitz class number, 293, 301 
Husemiller, D., 5, 284, 287, 291, 295, 339 


Ideal numbers, 78-79 
Idele, 5, 144, 156-157, 311, 324-326. See 
also Class field theory; Shimura 
teciprocity 
class group, 156, 312 
group, 156, 312, 319-320, 324 
finite, 320, 322, 325 
Inertia group, 91, 104, 117 
Inertial degree, 90-92, 95 


INDEX 351 


Integrally closed, 89, 121 

Inverse limit, 311 

Invertible ideal, 90, 122 

Ireland, K., 61, 67-68, 70-75, 77-78, 88-99, 
107, 291, 339 

Irreducible element in a ring, 68 

Ishida, M., 115, 339 

Isogeny, see Elliptic curve, isogeny 


J 


Jacobi, C. G. J., 36, 58, 78, 339 
Jacobi symbol, 15-16, 20-21, 31, 57-58, 66, 
83-84, 280 
Janusz, G., 115, 145-147, 153-154, 156, 331, 
332 
j-Function, 4, 190, 200-205, 232, 285. See 
also j-Invariant 
cube root of the j-function, 226 
generates ring class fields, 226-227, 
232 
as a modular function, 227 
j(V—2), 194-195, 199-200 
i(V—14), 4, 226, 239-240, 244-247, 
261, 304 
as a modular function, 205-206 
q-expansion, 204, 208, 236, 255, 271, 
279 
j-Invariant, See also Elliptic curve; j-Function 
of an elliptic curve, 285-286 
generates ring class fields, 200, 215, 
218, 318 
of an ideal or order, 181, 190, 200, 
218-219, 261, 318 
for orders of class number one, 227, 
237-239, 250 
of a lattice, 181, 187-188, 190 
singular j-invariant or singular modulus, 
79, 190, 219, 226, 237, 272, 246— 
247 
Jones, B. W., 53, 339 


K 


Kaltofen, E., 213, 269-270, 272, 304, 339 
Kilian, J., 297-298, 300, 302-304, 338 
Knapp, A. W., 5, 282, 344 
Koblitz, N., 210, 282, 285, 339 
Koo, J. K., 346 
Kronecker, L., 213, 339 
class field theory, 79 
complex multiplication, 79 
Jugentraum, 80 
quadratic reciprocity, 15 
Kronecker class number formula, 266, 296 


352 INDEX 


Kronecker congruence, 213, 216-217 

Kronecker Limit Formula, 239-240 

Kronecker symbol, 93, 132, 142, 280, 316 

Kronecker-Weber Theorem, 79, 144, 147-— 
148, 158 

Kummer, E. E., 78-79 


L 


Lafon, J. P., 337 
Lagarias, J., 345 
Lagrange, J. L., 2-3, 8, 18-19, 22, 30-36, 39, 
41-42, 52, 58, 79, 339. See also 
Genus theory, Lagrange’s theory 
indefinite forms, 27 
proof of p = x7 +5y’, 8, 33-34 
quadratic forms, 2, 12, 19, 22-27 
quadratic reciprocity, 35 
Landau, E., 29, 55, 135, 339 
Lang, S., 5, 88-91, 132, 187, 205, 210-211, 
214, 218-219, 240, 243, 252, 
265, 271, 273, 284, 290, 292, 
297, 310, 312, 328, 339 
Lattice, 181-182. See also j-Invariant, of a 
lattice 
cyclic sublattice, 213 
relation to primitive ideal, 214-215 
homothetic, 187-188, 191, 193, 199, 
201, 286 
of an ideal, 190 
Laurent expansion, 184, 189, 194-195, 198- 
199. See also Weierstrass - 
function, Laurent expansion 
Lauter, K., 345 
Legendre, A. M., 2~3, 22, 35-39, 42-43, 57- 
58, 64, 79, 340. See also Compo- 
sition, Legendre’s theory 
composition, 3, 37-38, 46-47, 60-61 
observation on reduced forms, 25-26, 
34, 45 
quadratic forms, 22—23, 36-38 
quadratic reciprocity, 35-36, 57 
use of term “quadratic form,” 36 
Legendre relation, 234, 253 
Legendre symbol, See also Jacobi symbol; 
Kronecker symbol 
biquadratic, 67, 73-75, 82 
cubic, 67, 70-72, 81, 96, 169 
nth power, 97, 106, 144, 149-150 
quadratic, 12, 14. 20, 36, 50, 57, 
112, 132, 150-151, 173, 279- 
280, 316, 328 
Lemmermeyer, F., 78, 344 


Lenstra, H. W., Jr., 297-298, 300-301, 340, 
344 

L’Hospital’s rule, 187 

Linneaus, C., 59 

Liouville’s Theorem, 185-186, 197 

L-Series, 78, 135 

Lucas—Lehmer Test, see Primality Testing, 
Lucas—Lehmer Test 


Marcus, D., 88-92, 107, 111-112, 116, 148, 
155, 340 
Mathews, G. B., 48, 52, 58, 62, 340 
Maximal Abelian extension, see Field, exten- 
sion, maximal Abelian 
McKay, J., 316, 343 
Meromorphic at the cusps, 205, 309. See also 
Modular functions, g-expansion 
Mersenne, M., 8 
Mersenne number, 308 
Mersenne prime, 308 
Modular equation, 182, 200, 208-214, 262, 
290, 296 
algorithm for computing, 268-271 
for m = 3, 213 
relation to the class equation, 262-263, 
266 
Modular functions, 2, 4-5, 181-182, 200, 
226-227, 309. See also Field, 
of modular functions; j-Function; 
Weber functions 
for ['(m), 257, 309-310 
for To(m), 205-210, 226-227, 229, 
264, 270, 279, 309 
generate ring class fields, see Ring class 
field 
of level m, 309 
q-expansion, 205-208, 210-211, 228- 
230, 269-271, 278-279, 309. See 
also Hasse q-expansion principle 
for SL(2,Z), 206-207 
Modulus, 144-247, 156-158, 162-163, 219- 
220, 225 
Morain, F., 297, 302-304, 340, 343, 346 
Morton, P., 297, 343 


Neukirch, J., 5, 152-154, 156-157, 159, 325— 
326, 330-332, 340 
Neumann, O., 335 
Noetherian, 89 
Norm, 75 
of an element, 67, 73, 104—105 


of an ideal, 89, 112, 121, 124, 126-128, 
156-157 
of an idele class, 157 


ce] 


Oesterlé, J., 135, 143, 340, 344 
Ono, T., 115, 340 
Opolka, H., 5, 9, 26, 340 
Orde, H., 134, 340 
Order, see also Class number 
in a quadratic field, 120-121, 136, 162, 
291, 313. See also Class field the- 
ory; Complex multiplication; Lat- 
tice 
conductor of, 121, 136, 162, 311 
discriminant of, 121, 136 
maximal, 120, 163, 174, 218 
of quadratic forms, 58 
in a quaternion algebra, 291 
Ordinary elliptic curve, see Elliptic curve, 
over a finite field 


P 


p-Adic field, 159 
p-Adic integer, 53, 311, 332 
p-Adic topology, 325 
Pascal, B., 8 
Pell’s equation, 5, 27 
Period, 76-77, 84. See also Field, cyclotomic 
¢-Function, see Euler ¢-function 
go-Function, see Weierstrass go-function 
Pomerance, C., 296, 342 
Primality testing, 4, 182, 283, 297-304 
Goldwasser—Kilian—Atkin Test, 297, 
302-304 
Goldwasser-Kilian Test, 297-298, 300, 
302 
Lucas—Lehmer Test, 308 
Mersenne numbers, 308 
probabilistic primality test, 298-299 
relation to p = 2 +ny*, 297, 302-304 
use of the class equation, 284, 297, 
302-304 
use of elliptic curves, 284, 297-304 
Primary prime, 71-75, 77, 81-83, 152, 159- 
160, 168-169, 175, 291, 306 
Prime: 
to the conductor, 129-132 
element, 68 
finite, 94 
ideal, 68, 89 
infinite: 
complex, 94 


INDEX 353 


real, 94 
Prime Number Theorem, 172, 301 
Primitive: 
element of an extension, 3-4, 99-100, 
102-103, 105, 118-119, 162, 
165, 181, 200, 274 
element in an order, 215, 225, 262-263, 
265-268, 277-278 
ideal, 214-215, 225 
relation to cyclic sublattices, see Lat- 
tice 
quadratic form, see Quadratic form, 
primitive 
root, 76-77, 84 
Principal: 
class, 45-46 
form, 31 
fractional ideal, 90 
genus, 32, 49, 109 
ideal, 68, 123 
Principal Ideal Domain (PID), 68-69, 73, 80, 
107 
Profinite completion, 311 
Profinite topology, 330 
Projective space, 284, 304 
Proper: 
equivalence, see Quadratic form, equiv- 
alence 
fractional ideal, 122 
ideal, 121-122 
representation, see Quadratic form, rep- 
resented by 
Properly discontinuous action, 203 
p=x+ny’, 1-5, 7, 11-12, 17-19, 21-22, 
24-25, 27-33, 35, 42-43, 46, 50, 
53, 55-56, 61, 65, 87-88, 98— 
101, 108, 120-121, 144, 155- 
156, 162-166, 181-182, 200, 
216, 262, 273-274, 297, 302- 
304, 314-315. See also Class 
equation; Genus theory; Hilbert 
class field; Primality testing; Ring 
class field 
p=x+y?’, 1-2, 7-11, 20, 27-29, 304, 316 
p=x +2y’, 1-2, 7-8, 11, 14, 19-20, 27-28, 
41, 65, 76, 83, 302 
p=x+4+3y’, 1-2, 7-8, 11, 14, 19-20, 27-28, 
304 
p=x+5y’, 1-2, 8, 12, 18, 27, 30-31, 33- 
35, 37, 58 
p=x+14y’, ix, 3, 18, 27, 30-31, 33-34, 
37, 56, 87, 101-102, 115, 171. 
See also Hilbert class field 


354 INDEX 


p=x+2Ty", 2-4, 18, 27, 56, 67, 72-73, 76, 
79, 162, 166-169. See also Ring 
class field 

p=x+64y, 3, 18, 27, 56, 67, 74-75, 76, 
79, 162, 166, 168-169. See also 
Ring class field 


Q 


q-Expansion, see j-Function; Modular func- 
tions 
Quadratic form, 2, 8, 11-12. See also Class 
number; Composition; Gauss; 
Genus theory; Lagrange; Legen- 
dre 
class of, 27, 38, 59 
Lagrangian, 46-47, 60-61 
principal, 46 
relation to Hilbert class field, 101 
determinant, 58 
discriminant, 23, 58 
equivalence, 22, 37-38 
improper, 23 
modulo m, 52 
over Q, 53 
over a ring, 52 
proper, 23, 37-38, 59 
Rt, 221 
signed, 129, 140-141 
indefinite, 5, 24, 27, 40 
negative definite, 24 
opposite, 46 
orders of, 58-59 
positive definite, 2, 11, 22, 24-25 
primitive, 22 
improperly primitive, 58 
properly primitive, 58 
principal, 31 
reduced, 2, 12, 23, 25-27, 34, 38 
represented by, 22 
number of representations, 5, 8, 55 
properly represented, 22 
root, 124-125, 137, 221 
Quadratic reciprocity, see Reciprocity, 
quadratic 


Ramanujan, S., 260-261, 315-316, 333 
Ramification, see Field, extension, ramifica- 
tion 
ramification index, 90 
Ray class field, 149, 158, 219-220, 225, 313, 
331 


Reciprocity: 
Artin Reciprocity Theorem, see Class 
field theory, Artin Reciprocity 
Theorem 
biquadratic, 2-3, 4, 8, 19, 56, 67, 
71, 73-75, 78-79, 83, 87, 146, 
149, 152, 162, 168-169. See also 
Gauss, biquadratic reciprocity 
fundamental theorem, 75 
proof by class field theory, 152, 168— 
169 
supplementary laws, 74-75, 82 
cubic, 2-3, 4, 8, 19, 56, 67, 71-73, 76, 
78-79, 81, 87, 146, 149, 162. See 
also Gauss, cubic reciprocity 
proof by class field theory, 168, 176— 
177, 186-187, 194 
supplementary laws, 71-72, 175 
higher, 2-4, 76, 78-79 
quadratic, 2, 4, 7, 11-17, 20-21, 34— 
37, 40, 42, 51, 57-58, 61-63. 
See also Euler; Gauss; Lagrange; 
Legendre 
fundamental theorem, 57 
proof by class field theory, 150-151, 
158-159 
supplementary laws, 16, 21, 66, 159 
Reciprocity Step, 9, 11-12, 13-14, 16— 
17, 20, 21-22, 28, 41. See also 
Euler, L., two-step strategy 
Shimura Reciprocity, see Shimura Reci- 
procity 
Strong Reciprocity, 151-152, 159 
Weak Reciprocity, 150-152, 159, 168, 
168-169 
Reduced quadratic form, see Quadratic form, 
reduced 
Reduction of elliptic curves, see Elliptic curve 
Representations by quadratic forms, see 
Quadratic form 
Residue: 
biquadratic, 18, 74-76, 78, 82-83 
cubic, 2, 18, 71-73, 76-78, 81 
field, 89 
quadratic, 12, 74 
Rieger, G. J., 57, 78, 340 
Riemann Hypothesis, 135 
Ring class field, 4, 147, 162-163, 169~ 
170, 172, 174, 176-179, 200, 
218, 292, 294, 303-304, 309, 
313, 318-319, 326, 332. See also 
Complex multiplication, relation 
to ring class fields; Shimura Reci- 
procity, for ring class fields 


Artin map, 218 
conductor of, see Conductor, of a ring 
class field 
extended, 309, 313-317, 326, 332-333 
relation to p = x? +ny’, 314-316 
generated by modular functions, 200, 
215-218, 226-227, 232, 240, 
242-243, 250, 257-258, 262, 274 
of Z[./—27], 162, 166-168 
relation to cubic reciprocity, 168-169 
relation to p = x* +27y*, 168 
of Z| /—64], 162, 166-168 
relation to biquadratic reciprocity, 
168-169 
relation to p = x? + 64y’, 168 
of Z[/—n], 4, 162-164, 181-182 
relation to p = x* +ny’, 162-165 
relation to generalized dihedral exten- 
sions, see Field, extension 
Rodriguez-Villegas, F., 318, 328, 344 
Rogers, L. J., 315 
Rogers-Ramanujan continued fraction, 315- 
316, 333 
Roquette, P., 94, 340 
Rosen, M., 61, 67, 68, 70-75, 77-78, 88-89, 
107, 291, 339 
Rubin, K., 292, 344 


Ss 


Scharlau, W., 5, 9, 26, 35, 340 

Schertz, R., 227, 232, 240, 310, 318, 328, 
340, 344 

Schonhage, A., 345 

Schoof, R. J., 302 

Schuhmann, E., 335 

Selberg, A., 172 

Serre, J.-P., 202, 228, 271, 325, 340, 344 

Shafarevich, I. R., 53, 88, 90, 93-94, 119, 
129, 134, 335 

Shanks, D., 27, 340 

Shimura, G., 5, 210, 218, 243, 284, 297, 312, 
328, 341 

Shimura Reciprocity, 243-244, 283, 309, 
312-313, 322, 327-328 

for extended ring class fields, 315, 317, 
326-327 
for ring class fields, 318-319, 324, 327- 

328 

Siegel, C. L., 134-135, 341 

o-Function, see Weierstrass o-function 

Silverberg, A., 292, 344, 346 

Silverman, J., 5, 284-285, 286, 288~291, 341, 
344 


INDEX 355 


Singular moduli, see j-Invariant 

Smith, H. J. S., 52-53, 64, 71, 74, 78, 213, 
341 

Spearman, B. K., 345 

Split completely, 91, 98-99, 154-156, 161, 
164-165, 216, 273, 329 

Stark, H., 4, 135, 194, 226, 247, 250, 341 

Stevenhagen, P., xi, 283, 309, 313, 317-319, 
324, 344-346 

Supersingular elliptic curve, see Elliptic curve, 
over a finite field 

Supersingular polynomial, 297 

Sutherland, A. V., 346 


T 


Tamagawa numbers, 115 
Tan, V., 346 

Tate, J., 295, 344 

Taylor, M. J., 220, 297, 336 
Ternary form, 64 

Trace of an element, 104 


U 


Unique Factorization Domain (UFD), 68-69, 
73, 80, 89, 107, 119, 128, 137 
Unit in a ring, 68 


Vv 


Valente, T., 302, 339 
Viadut, S. G., 80, 344 


Ww 


Wagon, S., 298, 300, 341 
Wallis, J., 9, 341 
Watson, G. N., 187, 252, 342 
Weber, H., 4, 172, 240, 245, 250, 260-261, 
301, 341. See also Kronecker- 
Weber Theorem 
Lehrbuch der Algebra, 226-227, 237, 
240, 244, 246, 269 
Weber function h(z;L), 219, 225 
Weber functions f, f}, f2, 205, 226, 232-237, 
250, 255-258, 260-261, 303- 
304, 309, 317-318, 322-324, 
328-329 
class number one theorem, 248 
computations of j-invariants, 237-247 
generate ring class fields, 240, 257, 318, 
322 
as modular functions, 241, 257, 310, 
328-329 


356 INDEX 


Weierstrass equation, see Elliptic curve 
Weierstrass g-function, 5, 187, 219, 284. See 
also Complex multiplication, re- 
lation to elliptic functions 
addition law, 183, 186, 197, 286-287, 
305 
definition, 182 
differential equation, 182, 198, 284 
duplication law, 190, 287, 305 
Laurent expansion, 184, 189, 194-195, 
199 
relation to o-function, 234 
relation to Weber functions, 234-235 
Weierstrass o-function, 205, 234-235, 252- 
255 
relation to Weber functions, 235, 255 
Weierstrass ¢-function, 252-253 
Weil, A., ix, 5, 9, 11, 15, 17-18, 35, 37, 42, 
55, 60, 65, 79, 157, 289, 339-340 
Weinberger, P. J., 56, 340 
Whittaker, E. T., 187, 252, 340 
Williams, K. S., 79, 339, 343 
Wong, A., 346 
Wright, E. M., 271, 336 
Wussing, H., 335 


Y 


Yui, N., 213, 269-270, 272, 304, 339, 342, 
346 


Z 


Zagier, D., 4-5, 27, 115, 129, 134-135, 140, 
262, 272, 274-276, 338, 342, 346 
¢-function: 
Dedekind ¢-function, 153 
of a variety, 77 
Weierstrass ¢-function, see Weierstrass 
¢-function 


ADDITIONAL REFERENCES 


A. References Added to the Text 


Al. 


A2. 


A3. 


A4. 


AS. 


A6. 


A7. 


A. O. L. Atkin and F. Morain, Elliptic curves and primality proving, Math. 
Comp. 61 (1993), pp. 29-68. 


B. C. Berndt, Ramanujan’s Notebooks, Part IV, Springer-Verlag, New York, 
1994. 


B. C. Berndt, R. Evans and K. S. Williams, Gauss and Jacobi Sums, Wiley, 
New York, 1998. 


J. Brillhart and P. Morton, Class numbers of quadratic fields, Hasse invariants 
of elliptic curves, and the supersingular polynomial, J. Number Theory 106 
(2004), pp. 79-111. 


P. Bussotti, From Fermat to Gauss: Infinite Descent and Methods of Reduction 
in Number Theory, Dr. Erwin Rauner Verlag, Augsburg, 2006. 


B. Cho, Primes of the form x’ + ny? with conditions x = 1 mod N, y=0modN, 
J. Number Theory 130 (2010), pp. 852-861. 


D. Cox, Galois Theory, 2nd edition, Wiley, Hoboken, New Jersey, 2012. 
343 


Primes of the Form x2 + ny’, Second Edition. By David A. Cox 
Copyright © 2013 John Wiley & Sons, Inc. 


344 


A8 


A9. 


Alo. 


All. 


Al2. 


Al3. 


Al4. 


Al5. 


Al6. 


Al7. 


Al8. 


Al9. 


A20. 
A21. 


A22. 


A23. 


A24. 


ADDITIONAL REFERENCES 


D. Cox, J. McKay and P. Stevenhagen, Principal moduli and class fields, Bull. 
London Math. Soc. 26 (2004), pp. 3-12. 


W. Duke, Continued fractions and modular functions, Bull. Amer. Math. Soc. 
42 (2005), pp. 137-162. 


A. Gee, Class fields by Shimura reciprocity, J. Théor. Nombres Bordeaux 11 
(1999), pp. 45-72. 


A. Gee and P. Stevenhagen, Generating class fields using Shimura reciprocity, 
in Algorithmic Number Theory (Portland, OR, 1998), Lecture Notes in Com- 
put. Sci. 1423, Springer-Verlag, Berlin, 1998, pp. 441-453. 


B. Gross, An elliptic curve test for Mersenne primes, J. Number Theory 110 
(2005), pp. 114-119. 


F. Hajir and F. Rodriguez- Villegas, Explicit elliptic units, I, Duke Math. J. 90 
(1997), pp. 495-521. 


A. W. Knapp, Elliptic Curves, Princeton University Press, Princeton, New Jer- 
sey, 1992. 


F. Lemmermeyer, Reciprocity Laws: From Euler to Eisenstein, Springer- 
Verlag, New York, 2000. 


H. W. Lenstra, Jr. and C. Pomerance, Primality testing with Gaussian periods, 
preprint, 2011, available at http: //www.math.dartmouth.edu/~carlp/ 
PDF/complexity12.pdf. 


J. Oesterlé, Le probléme de Gauss sur le nombre de classes, L’Ens. Math. 34 
(1988), pp. 43-67. 


K. Rubin and A. Silverberg, Point counting on reductions of CM elliptic 
curves, J. Number Theory 129 (2009), pp. 2903-2923. 


R. Schertz, Weber’s class invariants revisted, J. Théor. Nombres Bordeaux 14 
(2002), pp. 325-343. 


J.-P. Serre, Local Fields, Springer-Verlag, New York, 1979. 


J. H. Silverman, Advanced Topics in the Arithmetic of Elliptic Curves, 
Springer-Verlag, New York, 1994. 


J. H. Silverman and J. Tate, Rational Points on Elliptic Curves, Springer- 
Verlag, New York, 1992. 


P. Stevenhagen, Hilbert’s 12th problem, complex multiplication, and Shimura 
reciprocity, in Class Field Theory—Its Centenary and Prospect (Tokyo, 1998), 
Adv. Stud. in Pure Math. 30, Math. Soc. Japan, Tokyo, 2001, pp. 161-176. 


S. G. Vladut, Kronecker’s Jugendtraum and Modular Functions, Gordon and 
Breach, New York, 1991. 


ADDITIONAL REFERENCES 345 


B. Further Reading for Chapter One 


Bl. 


B2. 


B3. 


B4. 


D. Buell, Binary Quadratic Forms: Classical Theory and Modern Computa- 
tions, Springer-Verlag, New York, 1989. 


K. Burde, Ein rationales biquadratisches Reziprozitdtsgesetz, J. Reine Angew. 
Math. 235 (1969), pp. 175-184. 


A. Schonhage, Fast reduction and composition of binary quadratic forms, 
Proc. International Symposium on Symbolic and Algebraic Computation (IS- 
SAC ’91, Bonn), ACM Press, 1991, pp. 128-133. 


B. K. Spearman and K. S. Williams, Representing primes by binary quadratic 
forms, Amer. Math. Monthly 99 (1992), pp. 423-426. 


C. Further Reading for Chapter Two 


Cl. 


C2. 


C5. 


H. Cohen and P. Stevenhagen, Computational class field theory, in Algorithmic 
Number Theory: Lattices, Number Fields, Curves and Cryptography, Math. 
Sci. Res. Inst. Publ. 44, Cambridge University Press, Cambridge, 2008, pp. 
497-534. 


K. Conrad, History of class field theory, available online at www.math.uconn. 
edu/~kconrad/blurbs/gradnumthy/cfthistory.pdf. 


. G. Gras, Class Field Theory: From Theory to Practice, Springer-Verlag, New 


York, 2010. 


. J. Lagarias, Sets of primes determined by systems of polynomial congruences, 


Illinois J. Math. 27 (1983), pp. 224-239. 


K. S. Williams and R. H. Hudson, Representation of primes by the principal 
form of discriminant —D when the classnumber h(—D) is 3, Acta Arith. 57 
(1991), pp. 131-153. 


D. Further Reading for Chapter Three 


D1. 


D2. 


D3. 


J. V. Belding, R. Broker, A. Enge and K. Lauter, Computing Hilbert class 
polynomials, in Algorithmic Number Theory, Lecture Notes in Comput. Sci. 
5011, Springer-Verlag, Berlin, 2008, pp. 282-295. 


B. C. Berndt and H. H. Chan, Ramanujan and the modular j-invariant, Canad. 
Math. Bull. 42 (1999), pp. 427-440. 


S. Chowla and M. Cowles, On the coefficients c, in the expansion x 
TI? —x")?(1 — xt")? = 77° cnx", J. Reine Angew. Math. 292 (1977), pp. 
115-116. 


346 


D4. 


DS. 


D6. 


ADDITIONAL REFERENCES 


H. Cohen and P. Stevenhagen, Computational class field theory, in Algorithmic 
Number Theory: Lattices, Number Fields, Curves and Cryptography, Math. 
Sci. Res. Inst. Publ. 44, Cambridge University Press, Cambridge, 2008, pp. 
497-534. 


A. V. Sutherland, Computing Hilbert class polynomials with the Chinese re- 
mainder theorem, Math. Comp. 80 (2011), pp. 501-538. 


N. Yui and D. Zagier, On the singular values of Weber modular functions, 
Math. Comp. 66 (1997), pp. 1645-1662. 


E. Further Reading for Chapter Four 


El. 


E2. 


E3. 


E4. 


ES. 


E6. 


A. Abatzoglou, A. Silverberg, A. V. Sutherland, and A. Wong, Deterministic 
elliptic curve primality proving for a special sequence of numbers, preprint, 
2012, available online at http: //arXiv.org/abs/1202.3695. 


H. H. Chan, A. Gee, and V. Tan, Cubic singular moduli, Ramanujan’s class 
invariants \,, and the explicit Shimura reciprocity law, Pacific J. Math. 208 
(2003), pp. 23-37. 


B. Cho and J. K. Koo, Construction of class fields over imaginary quadratic 
fields and applications, Quarterly J. Math. 61 (2010), pp. 199-216. 


H. Cohen and P. Stevenhagen, Computational class field theory, in Algorithmic 
Number Theory: Lattices, Number Fields, Curves and Cryptography, Math. 
Sci. Res. Inst. Publ. 44, Cambridge University Press, Cambridge, 2008, pp. 
497-534. 


K. J. Hong and J. K. Koo, Singular values of some modular functions and their 
applications to class fields, Ramanujan J. 16 (2008), pp. 321-337. 


F. Morain, Primality proving using elliptic curves: an update, in Algorithmic 
Number Theory (Portland, OR, 1998), Lecture Notes in Comput. Sci. 1423, 
Springer-Verlag, Berlin, 1998, pp. 111-127. 


PURE AND APPLIED MATHEMATICS 
A Wiley Series of Texts, Monographs, and Tracts 


Founded by RICHARD COURANT 
Editors Emeriti: MYRON B. ALLEN III, DAVID A. COX, PETER HILTON, 
HARRY HOCHSTADT, PETER LAX, JOHN TOLAND 


ADAMEK, HERRLICH, and STRECKER—Abstract and Concrete Catetories 
ADAMOWICZ and ZBIERSKI—Logic of Mathematics 
AINSWORTH and ODEN—A Posteriori Error Estimation in Finite Element Analysis 
AKIVIS and GOLDBERG-——Conformal Differential Geometry and Its Generalizations 
ALLEN and ISAACSON—Numerical Analysis for Applied Science 
*ARTIN—Geometric Algebra 
ATKINSON, HAN, and STEWART—Nunmerical Solution of Ordinary Differential 
Equations 
AUBIN—Applied Functional Analysis, Second Edition 
AZIZOV and IOKHVIDOV—Linear Operators in Spaces with an Indefinite Metric 
BASENER—Topology and Its Applications 
BERG—The Fourier-Analytic Proof of Quadratic Reciprocity 
BERKOVITZ—Convexity and Optimization in R” 
BERMAN, NEUMANN, and STERN—Nonnegative Matrices in Dynamic Systems 
BOYARINTSEV—Methods of Solving Singular Systems of Ordinary Differential 
Equations 
BRIDGER—Real Analysis: A Constructive Approach 
BURK—Lebesgue Measure and Integration: An Introduction 
*CARTER—Finite Groups of Lie Type 
CASTILLO, COBO, JUBETE, and PRUNEDA—Orthogonal Sets and Polar Methods in 
Linear Algebra: Applications to Matrix Calculations, Systems of Equations, 
Inequalities, and Linear Programming 
CASTILLO, CONEJO, PEDREGAL, GARCIA, and ALGUACIL—Building and Solving 
Mathematical Programming Models in Engineering and Science 
CHATELIN—Eigenvalues of Matrices 
CLARK—Mathematical Bioeconomics: The Mathematics of Conservation, Third Edition 
COX—Galois Theory, Second Edition 
COX—Primes of the Form x? + ny?: Fermat, Class Field Theory, and Complex 
Multiplication, Second Edition 
*CURTIS and REINER—Representation Theory of Finite Groups and Associative Algebras 
*CURTIS and REINER—Methods of Representation Theory: With Applications to Finite 
Groups and Orders, Volume I 
CURTIS and REINER—Methods of Representation Theory: With Applications to Finite 
Groups and Orders, Volume II 
DINCULEANU—Vector Integration and Stochastic Integration in Banach Spaces 
*DUNFORD and SCHWARTZ—Linear Operators 
Part 1—General Theory 
Part 2—-Spectral Theory, Self Adjoint Operators in 
Hilbert Space 
Part 3—Spectral Operators 
FARINA and RINALDI—Positive Linear Systems: Theory and Applications 


*Now available in a lower priced paperback edition in the Wiley Classics Library. 
tNow available in paperback. 


Primes of the Form x2 + ny”, Second Edition. By David A. Cox 
Copyright © 2013 John Wiley & Sons, Inc. 


FATICONI—The Mathematics of Infinity: A Guide to Great Ideas, Second Edition 
FOLLAND—Real Analysis: Modern Techniques and Their Applications 
FROLICHER and KRIEGL—Linear Spaces and Differentiation Theory 
GARDINER—Teichmiiller Theory and Quadratic Differentials 
GILBERT and NICHOLSON—Modern Algebra with Applications, Second Edition 
*GRIFFITHS and HARRIS—Principles of Algebraic Geometry 
GRILLET—Algebra 
GROVE—Groups and Characters 
GUSTAFSSON, KREISS and OLIGER—Time Dependent Problems and Difference 
Methods 
HANNA and ROWLAND—Fourier Series, Transforms, and Boundary Value Problems, 
Second Edition 
*HENRICI—Applied and Computational Complex Analysis 
Volume 1, Power Series—Integration—Conformal Mapping—Location 
of Zeros 
Volume 2, Special Functions—Integral Transforms—Asymptotics— 
Continued Fractions 
Volume 3, Discrete Fourier Analysis, Cauchy Integrals, Construction 
of Conformal Maps, Univalent Functions 
*HILTON and WU—A Course in Modern Algebra 
*HOCHSTADT— Integral Equations 
JOST—Two-Dimensional Geometric Variational Procedures 
KHAMSI and KIRK—An Introduction to Metric Spaces and Fixed Point Theory 
*KOBAYASHI and NOMIZU—Foundations of Differential Geometry, Volume I 
*KOBAYASHI and NOMIZU—Foundations of Differential Geometry, Volume II 
KOSHY—Fibonacci and Lucas Numbers with Applications 
LAX—Functional Analysis 
LAX—Linear Algebra and Its Applications, Second Edition 
LOGAN—An Introduction to Nonlinear Partial Differential Equations, Second Edition 
LOGAN and WOLESENSK Y—Mathematical Methods in Biology 
LUI—Numerical Analysis of Partial Differential Equations 
MARKLEY—Principles of Differential Equations 
MORRISON—Functional Analysis: An Introduction to Banach Space Theory 
NAYFEH—Perturbation Methods 
NAYFEH and MOOK—Nonlinear Oscillations 
O’LEARY—Revolutions of Geometry 
O’NEIL—Beginning Partial Differential Equations, Second Edition 
PANDEY—The Hilbert Transform of Schwartz Distributions and Applications 
PETKOV—Geometry of Reflecting Rays and Inverse Spectral Problems 
*PRENTER—Splines and Variational Methods 
PROMISLOW-—A First Course in Functional Analysis 
RAO—Measure Theory and Integration 
RASSIAS and SIMSA—Finite Sums Decompositions in Mathematical Analysis 
RENELT—Elliptic Systems and Quasiconformal Mappings 
RIVLIN—Chebyshev Polynomials: From Approximation Theory to Algebra and Number 
Theory, Second Edition 
ROCKAFELLAR—Network Flows and Monotropic Optimization 
ROITMAN— Introduction to Modern Set Theory 
ROSS]—Theorems, Corollaries, Lemmas, and Methods of Proof 
*RUDIN—Fourier Analysis on Groups 
SENDOV—The Averaged Moduli of Smoothness: Applications in Numerical Methods 
and Approximations 
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SENDOV and POPOV—The Averaged Moduli of Smoothness 
SEWELL—The Numerical Solution of Ordinary and Partial Differential Equations, 
Second Edition 
SEWELL—Computational Methods of Linear Algebra, Second Edition 
SHICK—Topology: Point-Set and Geometric 
SHISKOWSKI and FRINKLE—Principles of Linear Algebra With Maple™ 
SHISKOWSKI and FRINKLE—Principles of Linear Algebra With Mathematica® 
*SIEGEL—Topics in Complex Function Theory 
Volume |—Elliptic Functions and Uniformization Theory 
Volume 2—Automorphic Functions and Abelian Integrals 
Volume 3—Abelian Functions and Modular Functions of Several Variables 
SMITH and ROMANOWSKA—Post-Modern Algebra 
SOLIN-Partial Differential Equations and the Finite Element Method 
STADE—Fourier Analysis 
STAHL and STENSON—Introduction to Topology and Geometry, Second Edition 
STAHL—Real Analysis, Second Edition 
STAKGOLD and HOLST—Green’s Functions and Boundary Value Problems, 
Third Edition 
STANOYEVITCH—Introduction to Numerical Ordinary and Partial Differential 
Equations Using MATLAB® 
*STOKER—Differential Geometry 
*STOKER—Nonlinear Vibrations in Mechanical and Electrical Systems 
*STOKER—Water Waves: The Mathematical Theory with Applications 
WATKINS—Fundamentals of Matrix Computations, Third Edition 
WESSELING—An Introduction to Multigrid Methods 
tWHITHAM—Linear and Nonlinear Waves 
ZAUDERER—Partial Differential Equations of Applied Mathematics, Third Edition 


*Now available in a lower priced paperback edition in the Wiley Classics Library. 
tNow available in paperback. 


